Docket No. 3951-4001 



IN THE UNITED STATES PATENT AND TRADEMARK OFFICE 

Applicant(s): Jonathan EUenberg, et. al. 

Group Art Unit: 3624 

Serial No.: 09/624,439 

Examiner: FELTEN, Daniel S 

Filed: July 24, 2000 

For: SYSTEM AND METHOD FOR CONDUCTING A CUSTOMER AFFINITY 

PROGRAM AUCTION 

PETITION UNDER 37 C.F.R. S 1.47(a) 

Mail Stop Amendment 
Commissioner for Patents 
P. O. Box 1450 
Alexandria, VA 22313-1450 

Sir: 

It is respectfully requested that the attached Declaration Of Jonathan EUenberg 
And Josh Nabozny Under 37 C.F.R. § 1.131 ("the Rule 131 Declaration") in above-identified 
patent application be accepted without the signature of Josh Nabozny, one of the two joint 
inventors of the subject matter of the application, pursuant to 37 C.F.R. § 1.47(a). 

Inventor Nabozny does not respond to repeated requests for him to execute the 
Rule 131 Declaration, following diligent efforts to reach him and to request that he sign this 
document, as detailed in the accompanying Statement of Facts. Therefore, inventor EUenberg is 
signing the Rule 131 Declaration on his own behalf and also on behalf of the non-signing 

inventor NabS^ i^ ac^S^M^« WeFiEt'l'f 7(a)! '^^'^^''''^ ™156 134500 09624439 

•]M ^-^K^il 'M'^ nOJI S;. i; :-j \ I 01 FC:1463 70.00 Dfi 130.00 OP 
This Petition is accompanied by the following: 
02701/2005 »ffiftFl-0eeeeM6 4345^ 09634439 / 
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Serial No.: 09/624,439 Docket No.: 3951-4001 

(1) the Rule 131 Declaration executed by joint inventor Ellenberg on behalf of 
himself and also on behalf of the non-signing inventor Nabozny. 

(2) a Statement of Facts, signed by Mark J. Abate, Esq. of Morgan & 
Finnegan, which accompanies this Petition and provides facts in support of the need of the 
inventor Ellenberg to sign the Rule 131 Declaration for this appHcation on behalf of himself and 
non-signing inventor Nabozny, after diligent effort in accordance with 37 C.F.R.. § 1.47(a); 

(3) a check for $130.00 for the requisite fee accompanying the petition under 
37C.F.R. § 1.47(a). 

(4) a petition pursuant to 37 C.F.R. § 1.13(a) for a one month extension of 
time to effect timely filing of the response to the September 23, 2003, Office Action; 

(5) a check for $ 120.00 (for the one-month extension of time); and 

(6) a Response To The September 23, 2004 Office Action. 

The most current address known for the non-signing inventor is stated in the 
Statement of Facts and is as follows: 

Josh Nabozny 

15 Kingswood Way 

Manalapan, NJ 07726 
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Serial No.: 09/624,439 



Docket No.: 3951-4001 



AUTHORIZATION 



The Commissioner is hereby authorized to charge any additional fee(s) which may 



be required for this Petition under 37 C.F.R. § 1.47(a), and accompanying papers, or to credit any 
overpayment, to Deposit Account No. 13-4500, Order No. 3951-4001 . 



Correspondence Address : 

MORGAN & FINNEGAN, L.L.P. 
3 World Financial Center 
New York, NY 10281-2101 
(212) 415-8700 Telephone 
(212)415-8701 Facsimile 



Respectfully submitted, 
MORGAN & FINNEGAN, L.L.P. 



Dated: January 24. 2005 




Mark J. Abate 
Registration No. 32.527 
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IN THE UNITED STATES PATENT AND TRADEMARK OFFICE 



Docket No. 3951-4001 



Applicant(s): 



Jonathan Ellenberg, et al. 



Group Art 



3624 



Serial No.: 



09/624,439 



Examiner: 



Felten, Daniel S 



Filed: 



July 24, 2000 



For: 



SYSTEM AND METHOD FOR CONDUCTING A CUSTOMER AFFINITY 



PROGRAM AUCTION 

STATEMENT OF FACTS IN SUPPORT OF PETITION UNDER 37 C.F.R. § 1, 47(a) 

Mail Stop Amendment 
Commissioner for Patents 
P.O. Box 1450 
Alexandria, VA 22313-1450 



I, Mark J. Abate, hereby declare as follows: 

1 . I am an attorney admitted to the bars of New York, New Jersey and the U.S. Patent 
and Trademark Office (registration no. 32,527) and a partner of the firm of Morgan & Finnegan, 
L.L.P. ("Morgan & Finnegan"), 3 World Financial Center, New York, New York 10281-2101. I 
make this Statement Of Facts In Support Of The Petition Under 37 C.F.R. § 1.47(a) in the above- 
referenced application. Morgan & Finnegan has been retained by Merrill Lynch & Co., Inc. to 
prosecute and handle all matters relating to the above-referenced patent application in the U.S. 
Patent and Trademark Office. At Morgan & Finnegan, I am responsible for the handhng and 
prosecution of the above-referenced patent application. 

2. I am making this declaration on behalf of Merrill Lynch & Co., Inc., at which the 
invention of the above-referenced patent application was made and to whom the above-identified 
patent application is assigned, as to the exact facts which are relied upon to establish the diligent 
effort made to secure the execution of the Declaration Of Jonathan Ellenberg And Josh Nabozny 
Under 37 C.F.R. § 1.131 by the non-signing joint inventor, Josh Nabozny. 
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Sir: 



3. I have first-hand knowledge of the facts stated herein. 

STATEMENT OF CURRENT ADDRESS 

4. Josh Nabozny last known residence address is 15 Kingswood Way, Manalapan, 
New Jersey 07726. 

DETAILS OF OMITTED INVENTOR 

5. The inventors of above-identified patent application are Jonathan Ellenberg and Josh 
Nabozny. The application was filed on July 24, 2000. A Declaration and an Assignment to Merrill 
Lynch & Co., Inc., both executed by Jonathan Ellenberg and Josh Nabozny, have been filed in the 
application. Exhs. 1 and 2. 

6. After executing the Declaration and the Assignment, Josh Nabozny left the employ 
of Merrill Lynch & Co., Inc. 

7. Pursuant to 35 U.S.C. § 1 . 1 3 1 and 37 C.F.R. § 1 .47(a), inventor Jonathan Ellenberg 
executed the enclosed Declaration Of Jonathan Ellenberg And Josh Nabozny Under 37 C.F.R. 

§ 1.131 ("the Rule 131 Declaration") on behalf of himself and on behalf of non-signing joint 
inventor Josh Nabozny, who does not respond to my repeated attempts to contact him and to request 
that he sign the Rule 131 Declaration. As is set forth below^, Morgan & Finnegan, on behalf of 
Merrill Lynch & Co., Inc., has acted diligently and in good faith in making a bona fide attempt to 
request that inventor Josh Nabozny execute the Rule 131 Declaration. 

8. On December 15, 2004, 1 personally called telephone directory assistance to ask for 
the telephone number of Josh Nabozny at his last known address of 15 Kingswood Way, 
Manalapan, New Jersey. I was told by the operator that "at the customer's request the number is not 
published." 
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9. On December 15, 2004, 1 also personally conducted searches on the internet, using 
the search engines Google and Yahoo, for Josh Nabozny, but could not identify any listings 
corresponding to the co-inventor of the above-identified application. 

1 0. On December 1 5, 2004, 1 also asked our law firm's librarian to try to locate Josh 
Nabozny. Our librarian conducted a search on LEXIS, in the public records database. The LEXIS 
search uncovered a phone number as of September 9, 2003 of (732) 937-6 110 for Josh Nabozny. I 
called that number and a message that "at the customer's request, the number as been disconnected" 
was played. 

11. On December 1 5, 2004, 1 personally contacted the legal department of Merrill 
Lynch & Co., Inc. for any information concerning the whereabouts of Josh Nabozny. I was 
informed that contact information for former employees is not maintained by Merrill Lynch & Co., 
Inc. and that Merrill Lynch & Co., Inc. had no contact information for Josh Nabozny. I also asked 
Jonathan Ellenberg if he had contact information for Josh Nabozny. Jonathan Ellenberg informed 
me that he had no contact information for Josh Nabozny. 

1 2. On December 15, 2004, 1 also personally sent a letter to Josh Nabozny at his last 
known address of 15 Kingswood Way, Manalapan, New Jersey 07726. The letter was sent certified 
mail and a return receipt was requested. A copy of this letter and the certified mail receipt is 
attached. Exh. 3. In the letter, I asked that he contact me regarding the above-referenced patent 
application. I never received the return postcard, nor did I receive a response to my letter. 

13. On January 6, 2005, 1 asked my secretary, Jacqueline Marchione, to investigate the 
delivery or non-delivery of my December 15, 2004 letter to Josh Nabozny. She determined, fr-om 
the postal service database, that the letter was unclaimed. Attached are printouts jfrom that database 
showing that the letter was unclaimed. Exhs. 4 and 5. 
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14. On January 24, 2005, my letter of December 15, 2004 to Josh Nabozny was returned 
unopened as unclaimed. Exh. 6. 

15. I remain without any information as to the location of Josh Nabozny and I have no 
way of contacting him. 

16. I hereby declare that all statements made herein of my own knowledge are true and 
that all statements made on information and behef are believed to be true; and further that these 
statements were made with the knowledge that willful false statements and the like so made are 
punishable by fine, or imprisonment, or both, under Section 1001 of Title 18 of the United States 
Code and that such willfiil false statements may jeopardize the validity of the application or any 
patent issued thereon. 



Dated: January 24, 2005 




Mark J. Abate 
Registration No. 32,527 
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Docket No, 395 1-4001 



COMBINED DECLARATION AND POWER OF ATTORNEY FOR 
ORIGINAL, DESIGN, NATIONAL STAGE OF PCT, SUPPLEMENTAL 
DIVISIONAL, CONTINUATION OR CONTINUATION-IN-PART APPLICATION 

As a below name inventor, I hereby declare that: 

My residence, post office address and citizenship are as stated below next to my name, 

I believe I am an original, first and joint inventor of the subject matter which is claimed and for which a patent is 
sought on the invention entitled: 

A SYSTEM AND METHOD FOR CONDUCTING A CUSTOMER AFFINITY PROGRAM AUCTION 

the specification of which 

a. [X] is attached hereto 

b. [ ] was filed on as apphcation Serial No. and was amended on 

. (if applicable). 

PCT FILED APPLICATION ENTERING NATIONAL STAGE 

c. [ ] was described and claimed in International Application No. filed on and 

as amended on . (if any). 

I hereby state that I have reviewed and understand the contents of the above-identified specification, including the 
claims, as amended by any amendment referred to above. 

I acknowledge the duty to disclose information which is material to the patentability as defined in Title 37, Code of 
Federal Regulations, § 1.56. 

I hereby specify the following as the correspondence address to which all communications about this apphcation are 
to be directed: 

SEND CORRESPONDENCE TO: MORGAN & FINNEGAN, L.L.P 

345 Park Avenue 
New York, N.Y. 10154 

DIRECT TELEPHONE CALLS TO: Mark J. Abate 

(212)758-4800 

[ ] I hereby claim foreign priority benefits under Tide 35, United States Code § 1 19(a)-(d) or under 
§ 365(b) of any foreign application(s) for patent or inventor's certificate or under § 365(a) of any PCT international 
appUcation(s) designating at least one country other than the U.S. listed below and also have identified below such 
foreign application(s) for patent or inventor's certificate or such PCT international application(s) filed by me on the 
same subject matter having a filing date within twelve (12) months before that of the apphcation on which priority is 
claimed: 

[ ] The attached 35 U.S.C. § 1 19 claim for priority for the apphcation(s) listed below forms a part of this 
declaration. 
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Application Date of filing Date of Issue Priority 

Countrv/PCT Number (day, month, vr) fdav. month, vr) Claimed 



[]YES [ ]N0 



r 1 YES r 1 NO 



nYES[]NO 



[ ] I hereby claim the benefit under 35 U.S.C. § 1 19(e) of any U.S. provisional application(s) listed below. 
Provisional Application No. Date of Filing fdav. month, vr) 



ADDITIONAL STATEMENTS FOR DIVISIONAL, CONTINUATION OR CONTINUATION-IN-PART 
OR PCT INTERNATIONAL APPLICATIONS^ fDESIGNATING THE U.S.) 

I hereby claim the benefit under Title 35, United States Code § 120 of any United States application(s) or under 
§ 365(c) of any PCT international application(s) designating the U.S. listed below. 



US/PCT Application Serial No. Filing Date Status (patented, pending, abandoned)/ 

U.S. application no. assigned (For PCT) 



US/PCT Application Serial No. Filing Date Status (patented, pending, abandoned)/ 

U.S. application no. assigned (For PCT) 



[ ] In this continuation-in-part application, imofar as the subject matter ofanyofthe claims of this 
application is not disclosed in the above listed prior United States or PCT international application(s) in the manner 
provided by the first paragraph of Title 35, United States Code, § 1 12, 1 acknowledge the duty to disclose material 
information as defined in Titie 37, Code of Federal Regulations, § 1.56(a) which occurred between the filing date of 
the prior application(s) and the national or PCT international filing date of this application. 

I hereby declare that all statements made herein of my own knowledge are true and that all statements made on 
information and belief are believed to be true; and further that these statements were made with the knowledge that 
willful false statements and the like so made are punishable by fine or Imprisonment, or both, under Section 1001 of 
Titie 18 of flie United States Code and tiiat such willful false statements may jeopardize the validity of the 
application or any patent issued thereon. 

I hereby appoint the following attorneys and/or agents with full power of substitution and revocation, to prosecute 
this application, to receive the patent, and to transact all business in the Patent and Trademark Office connected 
therewith: John A. Diaz (Reg. No. 19,550), John C. Vassil (Reg. No. 19,098), Alfred P. Ewert (Reg. No. 19,887), 

-2- 
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David H. Pfeffer (Reg. No. 19,825), Harry C. Marcus (Reg. No. 22,390), Robert E. Paulson (Reg. No, 21,046), 
Stephen R. Smith (Reg. No. 22,615), Kurt E. Richter (Reg. No. 24,052), J. Robert Dailey (Reg. No. 27,434), Eugene 
Moroz (Reg. No. 25,237), John F. Sweeney (Reg. No. 27,471), Arnold I. Rady (Reg. No. 26,601), Christopher A. 
Hughes (Reg. No. 26,914), William S. Feiler (Reg. No. 26,728), Joseph A. Calvaruso (Reg. No. 28,287), James W. 
Gould (Reg. No. 28,859), Richard C. Komson (Reg. No. 27,913), Israel Blum (Reg. No. 26,710), Bartholomew 
Verdirame (Reg. No. 28,483), Maria C.H. Lin (reg. No. 29,323), Joseph A. DeGirolamo (Reg. No. 28,595), Michael 
P. Dougherty (Reg. No. 32,730), Seth J. Atlas (Reg. No. 32,454), Andrew M. Riddles (Reg. No. 31,657), Bruce D. 
DeRenzi (Reg. No. 33,676), Michael M. Murray (Reg. No. 32,537), Mark J. Abate (Reg. No. 32,527), Alfred L. 
Haffiier, Jr. (Reg. No. 18,919), Harold Haidt (Reg. No. 17,509), John T. Gallagher CReg. No. 35,516), Steven F. 
Meyer (Reg. No. 35,613), Kenneth H. Sonnenfeld (Reg. No. 33,285), Tony V. Pezzano (Reg. No. 38,271), Andrea 
L. Wayda (Reg. No. 43,979) and Walter G. Hanchuk Reg. No. (35,179) of Morgan & Finnegan, L.L.P. whose 
address is: 345 Park Avenue, New York, New York, 10154; and Michael S. Marcus (Reg. No. 3 1,727) and John E. 
Hoel (Reg. No. 26,279) of Morgan & Finnegan, L.L.P., whose address is 1775 Eye Street, Suite 400, Washington, 
D.C. 20006. 

[X] I hereby authorize the U.S. attorneys and/or agents named hereinabove to accept and follow instructions 
from Patrick Romain, Esq. as to any action to be taken in the U.S. Patent and Trademark Office regarding 
this application without direct communication between the U.S. attorneys and/or agents and me. In the 
event of a change in tfie person(s) from whom instructions may be taken I will so notify the U.S. attorneys 
and/or agents hereinabove. 



Full name of sole or first vaff^of J/najhan Ellenberg 




Inventor's signature 

date 

Residence 23 Murphy I^xjv^, Bridgcwater, NJ 08807 



Citizenship USA 



Post Office Address 23 Murphy Drive, Bridgewater, NJ 08807 



nt inventor, if any Josh Nabozny 



Full name of second joint inventor, if any Josh Nabozny 
Inventor's signature 



Residence 15 Kingswood Way, Manalapan, NJ 07t2j 




Citizenship USA 



Post Office Address 15 Kingswood Way, Manalapan, NJ 07726 



[ ] ATTACHED IS/ARE ADDED P AGE(S) TO COMBINED DECLARATION AND POWER OF 
ATTORNEY FORM FOR SIGNATURE BY FOURTH AND SUBSEQUENT ESTVENTORS 
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* Before signing this declaration, each person signing must: 

1 . Review the declaration and verify the correctness of all infonnation therein; and 

2. Review the specification and the claims, including any amendments made to the claims. 

After the declaration is signed, the specification and claims are not to be altered. 
To the inventor(s): 

The following are cited in or pertinent to the declaration attached to the accompanying application: 

Tide 37. Code of Federal Regulation. ^ 1.56 

Duty to disclose information material to patentability. 

(a) A patent by its very nature is affect with a public interest. The public interest is best served, and 
the most effective patent examination occurs when, at the time an application is being examined, the Office 
is aware of and evaluates the teachings of all information material to patentability. Each individual 
associated with the filing and prosecution of a patent appHcation has a duty of candor and good faith in 
dealing with the Office, which includes a duty to disclose to the Office all infonnation known to that 
individual to be material to patentabiUty as defined in this section. The duty to disclose information exists 
with respect to each pending claim until the claim is canceled or withdrawn from consideration, or the 
application becomes abandoned. Information material to the patentability of a claim that is canceled or 
withdrawn from consideration need not be submitted if the information is not material to the patentability 
of any claim remaining under consideration in the application. There is no duty to submit information 
which is not material to the patentability of any existing claim. The duty to disclose all information known 
to be material to patentability is deemed to be satisfied if all infonnation known to be material to 
patentability of any claim issued in patent was cited by the Office or submitted to the Office in the manner 
prescribed by §§ 1.97(b)-(d) and 1.98. However, no patent will be granted on an application in connection 
with which fraud on tiie Office was practiced or attenq)ted or the duty of disclosure was violated through 
bad faith or intentional misconduct. The Office encourages applicants to carefvdly examine: 

(1) prior art cited in search reports of a foreign patent office in a counterpart application, and 

(2) the closest information over which individuals associated with the filing or prosecution of 
a patent application believe any pending claim patentably defines, to make sure that any 
material information contained therein is disclosed to the Office. 

Title 35. U.S. Code S 101 
Inventions patentable 

Whoever invents or discovers any new and useful process, machine, manufacture, or composition of 
matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and 
requirements of this title. 
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Title 35 U.S. Code 6 102 



Conditions for patentability; novelty and loss of right to patent 
A person shall be entitled to a patent unless - 

(a) the invention was known or used by others in this country, or patented or described in a printed 
publication in this or a foreign country, before the invention thereof by the applicant for patent, 

(b) the invention was patented or described in a printed publication in this or foreign country or in 
public use or on sale in this country, more than one year prior to the date of application for patent in the United 
States, or 

(c) he has abandoned the invention, or 

(d) the invention was first patented or caused to be patented, or was the subject of an inventor's 
certificate, by the applicant or his legal representatives or assigns in a foreign coimtry prior to the date of the 
application for patent in this country on an application for patent or inventor's certificate field more than twelve 
months before the filing of the application in the United States, or 

(e) the invention was described in a patent granted on an application for patent by another filed in the 
United States before the invention thereof by the applicant for patent, or on an international application by another 
who has fulfilled the requirements of paragraphs (1), (2), and (4) of section 371(c) of this tide before the invention 
thereof by the appUcant for patent, or 

(f) he did not himself invent the subject matter sought to be patented, or 

(g) before the applicant's invention thereof the invention was made in this covmtry by another had not 
abandoned, suppressed, or concealed it. In determining priority of invention there shall be considered not only the 
respective dates of conception and reduction to practice of the invention, but also the reasonable diUgence of one 
who was first to conceive and last to reduce to practice, firom a time prior to conception by the other . . . 

Title 35. U.S. Codes 103 

Conditions for patentability; non-obvious subject matter 

A patent may not be obtained though the invention is not identically disclosed or described as set forth in 
section 102 of this title, if the differences between the subject matter sought to be patented and the prior art are such 
that the subject matter as a whole would have been obvious at the time the invention was made to a person having 
ordinary skill in the art to which said matter pertains. Patentability shall not be negatived by the manner in which 
the invention was naade. 

Subject matter developed by another person, which qualifies as prior art only under subsection (f) or (g) of 
section 102 of this title, shall not preclude patentability under this section where the subject matter and the claimed 
invention were, at the time the invention was made, owned by the same person or subject to an obligation of 
assignment to the same person. 
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Title 35. U.S. Code 8 11 2 rin p art) 



Specification 

The specification shall contain a written description of the invention, and of tiie manner and process of 
making and usmg it, in such fiill, clear, concise and exact terms also enable any person skiUed in the art to which it 
pertams, or with which it is mostiy nearly connected, to make and use the same, and shaU set forth the best mode 
contenq>lated by the inventor of carrying out his invention. 



Title 35. U.S. Codes 119 

Benefit of earlier filing date in foreign countiy; right of priority 

An application for patent for an invention filed in this country by any person who has, or whose legal 
representatives or assigns have, previously regularly filed an appUcation for a patent for tiie same invention in a 
foreign countiy which affords similar privileges in tiie case of applications filed in the United States or to citizens of 
the United States, shaU have die same effect as tiie same application would have if filed in this country on the date 
on which flie application for patent for die same invention was first filed in such foreign countiy, if tiie application in 
this countiy is filed wifliin twelve months from the earliest date on which such foreign application was filed- but no 
patent shall be granted on any appUcation for patent for an invention which had been patented or described in a 
printed pubUcation in any countiy more tiian one year before flie date of he actual filing of the application in fliis 
countiy, or which had been in public use or on sale in tiiis country more tiian one year prior to such filing. 

Title 35. U.S. Code S 120 

Benefit or earlier filing date in the United States 

An appUcation for patent for an invention disclosed in tiie manner provided by tiie first paragraph of section 
1 12 of this tide m an appUcation previously filed in flie United States, or as provided by section 363 of fliis titie 
vMch is filed by an inventor or inventors named in die previously filed appUcation shaU have tiie same effect, as to 
such mvention, as fliough filed on tiie date of tiie prior application, if filed before tiie patenting or abandonment of or 
termmation of proceedings on tiie first appUcation or ar apolic ation similarly entitied to tiie benefit of die fiUng date 
of die first appUcation and if it contains or is amer, i.m a specific reference to tiie earUer filed appUcation. 

Please read carefiiUy before signin f t i ; . attached to flie accon^ianying AppUcation. 

If you have any questio;; , ^ .ase contact Morgan & Finnegan, L.L.P. 



FORM:COMB-DEC.NY 
Rev. 1/00 
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PATENT 
Docket No. 3951-4001 

ASSIGNMENT OF APPLICATION FOR PATENT 

WHEREAS: 

Jonathan ELLENBERG, 23 Murphy Drive, Bridgewater, NJ 08807, USA 

JoshNABOZNY, 15 Kingswood Way, Manalapan, NJ 07726, USA 



(full name(s) and post office address(s) of inventor(s) (including country)) 
(hereinafter referred to as ASSIGNOR(S)), has made a discovery or invention entitled: 

A SYSTEM AlSfD METHOD FOR CONDUCTING A CUSTOMER AFFIMTY PROGRAM AUCTION 

(title of discovery or invention) 

[ ] for which application for Letters Patent of the United States has been executed on even date herewith, 

pC] for which application for Letters Patent of the United States has been filed on , under Serial No. 

, and 

WHEREAS: 

Merrill Lynch & Co., Inc., 4 World Financial Center, New York, NY 10080 USA 

(name and address of assignee) 

(hereinafter referred to as ASSIGNEE), is desirous of acquiring the entire interest in, to and under said invention and 
in, to and under Letters Patent or similar legal protection to be obtained therefor in the United States and in any and 
all foreign countries. 



NOW, THEREFORE, TO ALL WHOM IT MAY CONCERN: 

Be it known that in consideration of the payment by ASSIGNEE to ASSIGNOR(S) of the sum of one 
Dollar ($1.00), the receipt of which is hereby acknowledged, and for other good and valuable consideration, 
ASSIGNOR(S) hereby sells, assigns and transfers to ASSIGNEE, its successors, legal representatives and assigns, 
the fiill and exclusive right, title and interest to said discovery or invention in the United States and its territorial 
possessions and in all foreign countries and to all Letters Patent or similar legal protection in the United States and 
its territorial possessions and in any and all foreign countries to be obtained for said invention by said application or 
any continuation, division, renewal, substitute or reissue thereof or any legal equivalent thereof in a foreign country 
for the fiill term or terms for which the same may be granted. 

I, SAID ASSIGNOR(S), hereby authorize and request the Commissioner of Patents and Trademarks of the United 
States of America and any Official of any country or countries foreign to the United States of America whose duty it 
is to issue Letters Patent on applications as aforesaid, to issue all such Letters Patent for said discovery or invention 
to the ASSIGNEE, as assignee of the entire right, title and interest in, to and under the same, for the sole use and 
behalf of the ASSIGNEE, its successors, legal representatives and assigns, in accordance with the terms of this 
instrument. 
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I, SAID, ASSIGNOR(S), hereby covenant that I have full right to convey the entire right, title and interest herein 
sold, assigned, transferred and set over; 

AND I, SAID ASSIGNOR(S) hereby further covenant and agree that the ASSIGNEE, its successors, legal 
representatives, or assigns, may apply for foreign Letters Patent on said discovery or invention and claim the 
benefits of the International Convention, and that I will, at any time, when called upon to do so by the ASSIGNEE, 
its successors, legal representatives, or assigns, communicate to the ASSIGNEE, its successors, legal 
representatives, or assigns, as the case may be, any facts known to me respecting said discovery or invention, and 
execute and deliver any and all lawful papers that may be necessary or desireable to perfect the title to the said 
discovery or invention, the said applications and the said Letters Patent in the ASSIGNEE, its successors, legal 
representatives and assigns, and tfiat if reissues of the said Letters Patent or disclaimers relating thereto, or divisions, 
continuations, or refilings of the said applications, or any thereof, shall hereafter be desired by the ASSIGNEE, its 
successors, legal representatives, or assigns, I will, at any time, when called up to do so by the ASSIGNEE, its 
successors, legal representatives, or assigns sign all lawfiil papers, make all rightful oaths, execute and deliver all 
such disclaimers and all divisional, continuation and reissue applications so desired, and do all lawful acts requisite 
for the application for such reissues and the procuring thereof and for the filing of such disclaimers and such 
applications, and generally do everything possible to aid the ASSIGNEE, its successors, legal representatives and 
assigns, to obtain and enforce proper patent protection for said invention or discover in all coimtries, and without 
further condensation but at the expense of the ASSIGNEE, its successors, legal representatives and assigns. 



Assignor's signature: 




Citizenship: USA 

IN WITNESS WHEREOF, I have hereunto set my hand and affixed my seal this day of 

STATE OF /Oeto jersei^ ) 
COUNTY OF Hercc/^ ) 

On this / ^ day of ' 20 tt) before me, the undersigned authority, personally appeared to me 

known and known to me to be the individual who is described in and who executed the foregoing Assignment, and 
who duly acknowledged to me that he executed the same as his own voluntary act and deed for the \ises and 
purposed therein specified. 

Notary Public 




CHRISTINE BAROWSKI 

NOTARY PUBLIC OF NEW JERSEY 

MY COMMISSION EXPIRES JAN. 30, 2004 
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Assignor's signature: 
Citizenship: USA 



Josh Nabozny A w 



Docket No. 3951-4001 



IN WITNESS WHEREOF, I have hereunto set my hand and affixed my seal this j^^ day of j I? m . 
2^C20 (J 

STATE OF N^euo 'Jexsex^) 
COUNTY OF Me^ce^ ) 

On this I day of J7jL|| j .. 20^before me, the undersigned authority, personally appeared 

to me known and known to me to be the individual who is described in and who executed the foregoing Assignment, 
and who duly acknowledged to me that he executed the same as his own voluntary act and deed for the uses and 
purposed therein specified. 

Notary Public 

CHRISTINE BAROWSKI 
NOTARY PUBLIC OF NEW JERSEY 

MY COMMISSION EXPIRES JAM 30, 2004 



FORM: ASSIGN. PAT 
Rev. 07/29/99 
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December 15, 2004 



By Certified Mail/Return Receipt Requested 

Josh Nabozny 

15 Kings wood Way 

Manalapan, NJ 07726 

Re: U,S. Patent Application No. 09/624,439 

For System And Method For Conducting A Customer 
Affinity Program Auction 

Our Ref : 3951-4001 

Dear Josh: 

Please call me at your earliest convenience to discuss 
the above -referenced patent application which was filed in your 
name while you were a Merrill-Lynch employee. Thank you. 

Verv truly yours, 



Mark J. Abate 

M JA : j m 
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»TIFIED MAIL™ RECEIPT 

ai^estic Mail Only; No Insurance Coverage Providl 



For delivery informat ion visit o ur website at www:i;i^comi, 
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Postage $ . ^ 



Certified F=te 



a ^ ^Return RedepiFtee 
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Total Postage & Fees 




PS Form 3800, June 2002 



See Reverse for Instructic 



From: Marchione, Jacqueline 

Sent: Thursday, January 06, 2005 3:31 PM 

To: Abate, Mark J. 

Subject: FW: USPS Shipment Info for 7003 2260 0003 5369 1474 



FYI -- they will notify me up to 2 weeks if any changes. 
Original Message 

From: USPS_Track_&_Conf irm_ [mailto : USPS_Track_Conf irm@usps . com] 
Sent: Thursday, January 06, 2005 3:19 PM 
To: Marchione, Jacqueline 

Subject: USPS Shipment Info for 7003 2260 0003 5369 1474 
This is a post-only message. Please do not respond. 

Jacqueline Marchione has requested that you receive the current Track & 
Confirm information, as shown below. 

Current Track & Confirm Info provided by the U.S. Postal Service, 01/06/05 
Label Number: 7003 2260 0003 5369 1474 
Service Type: Certified 

Shipment Activity Location Date & Time 



UNCLAIMED ENGLISHTOWN NJ 07726 01/03/05 

12 : 39pm 

NOTICE LEFT ENGLISHTOWN NJ 07726 12/18/04 

1 : 2 9pm 

ARRIVAL AT UNIT ENGLISHTOWN NJ 07726 12/18/04 

8 : 20am 



USPS has not verified the validity of any email addresses submitted via its 
online Track & Confirm tool. 

For more information, or if you have additional questions on Track & 
Confirm services and features, please visit the Frequently Asked Questions 
(FAQs) section of our Track & Confirm site at 
http : / /www . usps . com/shipping/trackandconf irmf aqs . htm 
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USPS - Track & Confirm 



Page 1 of 1 




Track & Confirm 



Shipment Details 

You entered 7003 2260 0003 5369 1474 

Your item was returned to the sender on January 03, 2005 because it 
was not claimed by the addressee. 

Here is what happened earlier: 

■ NOTICE LEFT, December 18, 2004, 1:29 pm, ENGLISHTOWN, 
NJ 07726 

■ ARRIVAL AT UNIT. December 18, 2004, 8:20 am, 
ENGLISHTOWN, NJ 07726 



Track & Confirm 

Enter label number: 



Track & Confirm FAQs ( 



Notification Options 



► Track & Confirm by email What is th is? 



POSTAL INSPECTORS 
Preserving the Trust 



site map contact us government services 

Copyright © 1999-2002 USPS. All Rights Reserved. Terms of Use Privacy Policy 



http://trkcnfnnl.smi.usps.com/netdata-cgi/db2ww/cbd_243.d2w 
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Track & Confirm 



Current Status 

You entered 7003 2260 0003 5369 1474 

Your item was returned to the sender on January 03, 2005 because it 
was not claimed by the addressee. 

Q 



Notification Options 



► Track & Confirm by email What is this? 



Track & Confirm 

Enter label number: 



Track & Confirm FAQs ( 



POSTAL INSPECTORS 
Preserving the Trust 



site map contact us government services 

Copyright © 1999-2002 USPS, AH Rights Reserved. Terms of Use Privacy Policy 



http://trkcnfrml .smi.usps.com/netdata-cgi/db2www/cbd__243 .d2w/output 
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2 7 20S8 " Docket No. 3951-4001 

IN THE UNITED STATES PATENT AND TRADEMARK OFFICE 

Applicant(s): Jonathan EUenberg, et. al. 

Group Art Unit: 3624 

Serial No.: 09/624,439 

Examiner: FELTEN, Daniel S 

Filed: July 24, 2000 

For: SYSTEM AND METHOD FOR CONDUCTING A CUSTOMER AFFINITY 

PROGRAM AUCTION 



DECLARATION OF JONATHAN ELLENBERG 
AND JOSH NABOZNY UNDER 37 C.F.R. S 1.131 

Mail Stop 

Commissioner for Patents 
P. O. Box 1450 
Alexandria, VA 22313-1450 

Sir: 

~ This Declaration Under 37 C.F.R. § 1.131 is submitted in the above-identified 

application. 

Jonathan EUenberg and Josh Nabozny, being duly sworn, depose and say: 

1 . That we are co-inventors of the above-identified patent application. 

2. That our records indicate that the invention of the above-identified patent 
application was conceived prior to June 23, 1999, as evidenced by the photocopies of the 
documents attached hereto as Exhibits A and B. 

3. That every date on Exhibits A and B was earlier than June 23, 1999. 
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4. That Exhibits A and B disclose the concept of a system and method for 
conducting a customer affinity program auction as claimed in the above-identified patent 
application. 

5. We began working on implementing the system and method for 
conducting a customer affinity program auction before June 23, 1999. The system and method 
was reduced to practice as shown in Exhibits G, H, I and J. 

6. That at all times from when we began working on implementing the 
system and method for conducting a customer affinity program auction, prior to June 23, 1999, 
to the date when the system and method for conducting a customer affinity program auction was 
reduced to practice, we worked diligently on the implementation of the system and method for 
conducting a customer affinity program auction. Exhs. A-J show activities relating to the work 
on reducing the invention to practice. Some of the attached exhibits were prepared by employees 
of IBM. See , e.g. , Exhs. C, D, E, G, I and J. The documents prepared by employees of IBM 
were prepared after our conception of the invention, reflected in Exhs. A and B, and the IBM 
employees who prepared those documents were working under our direction. In addition, 
Gilbert Gazzia, referenced in some of the attached exhibits, was an employee of Merrill Lynch & 
Co., Inc. working under the direction of Josh Nabozny. See, e.g. , Exhs. G, H and I. 

7. All of the work on the conception and reduction to practice of the 
invention was conducted in the United States. 

8. We hereby further declare that all statements made herein of our own 
knowledge are true and that all statements made on information and belief are believed to be 
true; and further that these statements were made with the knowledge that willful false 

2 
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statements and the like so made are punishable by fine or imprisonment, or both, under Section 
1001 of Title 18 of the United States Code and that such willful false statements may jeopardize 
the validity of the application of any patent issued thereon. 




Josh Nabozny 
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Please respond to GGazzia@NJAOST.ML.com 

To: Rhodes Rumsey/Atlanta/IBM@IBMUS 

cc: 

Subject; Merrill Lynch Auctions 

Dusty, 

I figured I needed to give you some additional information regarding 
auctions so that we can receive a proposal targeted to Merrill Lynch. We 
are currently speaking with uBid in reference to their auction engine. This 
is something Frank needs me to pursue ASAP. 

* Merrill Lynch is looking to create an ^auction site using the 
Signature Reward Points - It will provide Visa Signature members the 
capability to redeem their Signature Reward Points for products offered for 
auction. 

* If the Signature Rewards Auction is successful, Merrill Lynch would 
add a Regular Auction site . 

IBM/OpenSite Technologies needs to: 

* Modify its program to enable the use of Signature Reward Points 

* Work with Merrill Lynch to come up with the initial architectural 
design for the site 

* Implement the initial site 

* Help Merrill Lynch set up and manage online auctions 

* Provide training to Merrill Lynch on the online auction system 

* Provide technical support during the engagement 
Requirements : 

IBM/OpenSite will license its Online Auction software to Merrill Lynch for 
use in the Signature Reward program. Winning bidders will be referred to 
Merrill Lynch 's 1-800 number to finalize their transaction for the items 
purchased at auction. Merrill Lynch will be the party offering the 
inventory in the auction. 

IBM/OpenSite will supply the resources for: 

* Systems development, operation and maintenance 

* Copies of the software required to operate the system 

* Modification and support to change UI to specifications supplied by 
Merrill Lynch 

* Merrill Lynch will detemine the number of inventory items to be put 



up for bid in any single auction and the minimum bid for such inventory in 
the auction. 

Merrill Lynch will be responsible for and bear the costs of: 

* Merchandising, including any governmental approvals, licenses or 
permits required in connection therewith. 

* All content for the Merrill Lynch Signature Reward auction site, 
including: relevant information on the inventory offered; all disclosures 
and disclaimers required by law to offer the inventory (including any 
required statements that the inventory is not being offered to residents of 
particular jurisdictions) ; order fulfillment, including all arrangements for 
winning bidders to secure their inventory won at auction; and customer 
service . 

Development Specifications 

Merrill Lynch will provide the specifications for the systems development 
effort, including interface specifications. If IBM/OpenSite is xinable to 
supply the resources to meet specified timelines, under IBM/OpenSite ' s 
direction, Merrill Lynch will provide the resources required to complete the 
project . 

IBM/OpenSite Fees? 

* Auction engine license fee 

* Hourly rate for resources needed 

Target Date for Pilot Launch 

We would like to have the Merrill Lynch Signature Reward auction site 
operational within 90 days following the signing of a definitive agreement. 

IBM/OpenSite and Merrill Lynch will determine the length of time needed to 

successfully carry out a pilot of the auction site. Once the pilot is 

complete a decision will be made on whether Merrill Lynch should have a 
permanent auction site. 



The Merrill Lynch/Auction Partnership 



Business Strategy: 

Merrill Lynch is Interested In partnering with an auction management firm in order 
to promote Merrill Lynch products and a more active use of the MLOL site. 
Three options for partnership would be possible: 

1 . Merrill Lynch would partner with an on-line auction Internet site that would run 
auctions on behalf of Merrill Lynch. 

2. Merrill Lynch would purchase auction software and incorporate the software 
Into ML OnLine, taking responsibility for running auctions. 

3. Merrill Lynch would purchase auction software that would run at an alternate 
site and contract with an auction management firm to run the auction offsite. 

Although Merrill Lynch prefers the first option, the other two would be considered 
viable under limited circumstances. 

Audience for the Auctions: 

Since Merrill Lynch would like to sponsor different types of auctions for various 
purposes, a method for targeting the auction audience is necessary. In any 
case, however, these auctions would be offered to Merrill Lynch clients 
exclusively. However, under some conditions the target audience would be 
expanded or contracted based on the purpose of the auction. 

We need the capability to keep our client's anonymous to other users of the 
auction site. 

Types of Auctions: 

The full range of auctions would be needed. This means that for each auction, 
Merrill Lynch would want the ability to determine which type of auction to hold 
from the following well-known auction types: 

Traditional 

Traditional with Agent 
Descending or Dutch 
Wall Street 
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Silent 

Straight Sale 
Fire Sale 



Settlement: 



The auction manager would be responsible for determining the winner of the 
auction and communicating this information to Merrill Lynch. Upon that 
communication, Merrill Lynch would be responsible for the actual settlement of 
the purchase. This would be done using the standard methods of settlement that 
take place for auctions today. The only potential deviation from this is the 
possibility of settling in Merrill Lynch dollars, CMA Visa Signature Rewards 
points, or other pseudo-money forms of payment to be determined. 

Scheduling and Notification of Auctions: 

It would be expected that the auction management system would have the facility 
to schedule and notify the different target audiences of when a particular auction 
is taking place and what's being put up for auction. 

Product Selection: 

Products, services or events being offered for auction can come from Merrill 
Lynch, a Merrill Lynch e-commerce partner or from the auction management firm. 
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PROPOSED FUNCTIONALITY 



Rules 


1. Each auction has a pre-determined start and end date based on 
the seller discretion. 

2. Auctions normally last 1 - 7 days. 

3. Auction bidding can be done 24 hours a day, 7 days a week. 

4. Prices are final and it is up to the seller and winning bidder to 
complete the sale. 

5. All bids are done online with registered participants. 

6. Sellers cannot bid in their own auction. 


Bidding 


1. Traditional - This is the standard bidding process, where a 
product goes up for auction at a starting price. 

2. Traditional with Agent - These are traditional auctions with the 
added feature that you can use an intelligent Agent to place 
bids on your behalf. 

3. Descending or Dutch - Products start at a set price, and at 
regular time intervals, the price decreases by a set amount. 

4. Wall Street - Like the stock market, the selling price of a product 
in this bidding process is based on demand. 

5. Silent - Here, unlike the other bidding methods, you have no 
clue what your competitors are offering for a particular product. 

6. Straight Sale - Products are offered at a set price, and sell on a 
first-come, first-served basis, until the supply is exhausted. 

7. FireSale - This auction is very similar to a straight sale. 
However, every tirne someone bids, the sale price moves 
slightly higher by the amount posted under Price Increase Per 
Bid. 


Selling 


1 . Seller fee, when applicable, will be waived to encourage usage 
of the site. 


Email 


1 . Confirm of bid 

2. Daily status of involved auctions 

3. Outbid notification when maximum bid is reached 

4. End of auction notification 

5. Wining bid notification to seller and buyer 


Payment/Credit 


1 . Can be facilitated between ML accounts. 

2. CMA Visa Signature, WCMA or EMA Premium Visa card 
purchases would be eligible for additional Signature Rewards 
points. 

3. Purchases made with Signature Rewards points would be 
deducted from client's total balance. 
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Merrill Lynch 

Signature Website 

Auction Engine Recommendations 

Merrill Lynch has asked for a high level analysis of the best solution for offering auctioning functionality 
on their current Signature VISA website. An original analysis explored the use of OpenSite technology, the 
same engine used to build Ebay, as well as several other popular web auctioning sites. Using OpenSite 
would require designing and building the auction functionality into the existing site, testing it, and 
migrating it to the production server hosted by IBM. 

Also explored in this recommendation is IBM's NetCommerce technology which includes Auction 
functionality. 



8 



REQUIREMENTS 



The initial requirements for the auction functionality, provided by Merrill Lynch, are as follows: 

Business Strategy: 

Merrill Lynch is interested in partnering with an auction management firm in order to promote Merrill 
Lynch products and a more active use of the MLOL site. Three options for partnership would be possible: 

• Merrill Lynch would partner with an on-line auction Internet site that would run auctions on behalf of 
Merrill Lynch. 

• Merrill Lynch would purchase auction software and incorporate the software into ML OnLine, taking 
responsibility for running auctions. 

• Merrill Lynch would purchase auction software that would run at an alternate site and contract with an 
auction management firm to run the auction offsite. 

Although Merrill Lynch prefers the first option, the other two would be considered viable under limited 
circumstances. 

Audience for the Auctions: 

Since Merrill Lynch would like to sponsor different types of auctions for various purposes, a method for 
targeting the auction audience is necessary. In any case, however, these auctions would be offered to 
Merrill Lynch clients exclusively. However, under some conditions the target audience would be expanded 
or contracted based on the purpose of the auction. 

We need the capability to keep Merrill clients anonymous to other users of the auction site. 

Types of Auctions: 

The fiill range of auctions would be needed. This means that for each auction, Merrill Lynch would want 
the ability to determine which type of auction to hold from the following well-known auction types: 

• Traditional 

• Traditional with Agent 

• Descending or Dutch 

• Wall Street 

• Silent 

• Straight Sale 

• Fire Sale 

Settlement: 

The auction manager would be responsible for determining the wirmer of the auction and communicating 
this information to Merrill Lynch. Upon that communication, Merrill Lynch would be responsible for the 
actual settlement of the purchase. This would be done using the standard methods of settlement that take 
place for auctions today. The only potential deviation from this is the possibility of settling in Merrill 
Lynch dollars, CMA Visa Signature Rewards points, or other pseudo-money forms of payment to be 
determined. 



Scheduling and Notification of Auctions: 



It would be expected that the auction management system would have the facility to schedule and notify the 
different target audiences of when a particular auction is taking place and what's being put up for auction. 



Product Selection: 



Products, services or events being offered for auction can come from Merrill Lynch, a Merrill Lynch e- 
commerce partner or from the auction management fum. 



PROPOSED FUNCTIONALITY 


Rules 


• Each auction has a pre-determined start and end date based on the seller discretion. 

• Auctions normally last 1 - 7 days. 

• Auction bidding can be done 24 hours a day, 7 days a week. 

• Prices are fmal and it is up to the seller and winning bidder to complete the sale. 

• All bids are done online with registered participants. 

• Sellers cannot bid in their own auction. 


Bidding 


• Traditional - This is the standard bidding process, where a product goes up fo 
auction at a starting price. 

• Traditional with Agent - These are traditional auctions with the added feature that you can use 
an intelligent Agent to place bids on your behalf 

• Descending or Dutch - Products start at a set price, and at regular time intervals, the price 
decreases by a set amount. 

• Wall Street - Like the stock market, the selling price of a product in this bidding process is 
based on demand. 

• Silent - Here, unlike the other bidding methods, you have no clue what your competitors are 
offering for a particular product. 

• Straight Sale - Products are offered at a set price, and sell on a first-come, first-served basis, 
until the supply is exhausted. 

• FireSale - This auction is very similar to a straight sale. However, every time someone bids, 
the sale price moves slightly higher by the amount posted under Price Increase Per Bid. 


Selling 


Seller fee, when applicable, will be waived to encourage usage of the site. 


Email 


• Confirm of bid 

• Daily status of involved auctions 

» Outbid notification when maximum bid is reached 

» End of auction notification 

» Wining bid notification to seller and buyer 


Payment/Credit < 

I 

1 


» Can be facilitated between ML accounts. 

► CMA Visa Signature, WCMA or EMA Premium Visa card purchases would be eligible for 

additional Signature Rewards points. 
» Purchases made with Signature Rewards points would be deducted fi-om client's total balance. 
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Solution Overviews 



COMPARISON 





OpenSite 


NetCommerce 


Existing Auction Site 


oupeiDOWi 
Promotion deadline 


i^ouia De Duiit, with minimal 
graphic treatment, sans testing, in 
time to auction the tickets 


Could not be budt m time to 
auction the tickets 


Could be ready for 
auctioning 


OCX up eiion 


1 uu nr eriort to install and set up 
development environment 


800 hr effort minimum to set 
up development environment 


Unknown 


Development effort 


Tbd 


tbd 


Tbd 


Features 


Highest feature set vs. cost 


High feature set, but includes 
many other e-commerce 
functions not necessary for 
Signature 


Tbd 


llllllal V^UMa 


7~' : 

Software/Licensing: 
a>ju,uvu approx 


Software/Licensing: 
$60,000/$ 10,000 approx 


Lowest Cost 


r^niti naf iKilii'v 
\^uiii|JaiiuilltY 


Compatible with current site, 
could be installed to existing 

oCi VCl 


Does not run on Internet 
Information Server - would 
require a separate hosting 
environment from the 
oignaiure sue 


Not applicable 


Scalability 


Yes 


I es 


Tbd 


Ungrade? 


Yes 


Vac 

I es 


Tbd 


Administration Tool 


Yes 


JNO 


Not applicable 


Merchant posted 
offerings 


Yes 


No 


Tbd 


Handles Points for 
currency 


Tbd 


Tbd 


Tbd 


Types of auctions 


All 


Tbd 


Tbd 


Settlement 


Tbd 


Tbd 


Tbd 


Scheduling/Notification 


Tbd 


Tbd 


Tbd 



























SUMMARY: 

The possibility of creating an Auction in time for a Super Bowl ticket offering is best accomplished through 
an existing auction site on a "lease" for the single offering. There are many questions surrounding points 
and handling Merrill account info through a third party auction site adequately in such a short timeframe. 

Over time, this "lease" option would not be the proper solution. 

Using OpenSite, a simplified auction function could be built within the existing site framework in time for 
the promotion, but without, in our estimation, proper testing. 

Net.Commerce provides the most robust functionality, but much of it is extraneous to Merrill's needs. 
Net.Commerce would take the longest development time and hourly effort to complete. 
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Analysis of Auction Technology Alternatives 
for the Merrill Lynch Signature Mall Site 

Summary 

After a thorough survey of product features and various development considerations of both Opensite and 
the Net.Commerce auction package, it has been determined that OpenSite is the most appropriate 
technology for implementing an auction feature for the Merrill Lynch Online site. OpenSite more closely 
matches the requirements articulated by the client and provides the best chances for successful 
implementation within Merrill Lynch's very challenging schedule goals. 



Overview 

Merrill Lynch would like to add an auction feature to the CMA Visa Signature Rewards Mall site. This site 
enables Signature Visa card holders to redeem points earned in the Signature Rewards program for various 
premiums, mcluding merchandise, gift certificates, and travel benefits. The auction feature would allow 
card holders to bid Signature program points for special promotional items. 

The auction feature is intended to provide card holders with a fun and exciting alternative for point 
redemption, as well as to promote growth in site traffic and increase enrollment in the Signature Card 
program. 

Merrill Lynch has discussed implementing auction fiinctionality in the following ways: 

1 . Partnering with an outside auction site that would run auctions on their behalf 

2. hicorporating auction fiinctionality directly within their existing Merrill Lynch Online infi-astructure 
and administering it themselves 

3. Developing auction functionality as an outside resource and contracting with an auction management 
company to administer the auctions 



Feature Requirements 

Required auction features and specifications were communicated to IBM through the attached document 
"The Merrill Lynch/Auction Partnership". Additional background information and indications of fiiture 
plans for the auction site have been provided in two on-site meetings and numerous telephone 
conversations. During one of the on-site meetings, several Merrill Lynch executives were presented with a 
demonstration of IBM's Net.Conimerce auction product to which they responded very favorably. 

Requirements and considerations for the auction site are summarized below: 

Time to Completion: 

One of the most important considerations for the implementation of the auction fiinctionality is the 
relatively tight deadline for completing the work. 

Originally, Merrill Lynch indicated that they would like to have the auc tion fii nctionality completed in time 
to auction tickets for the Super Bowl, which takes place . The client has since 
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indicated that they understand this goal may not be realistic and have relaxed the deadline somewhat. 
However, they would like to have a serviceable auction site by the end of January 1999. 

Auction Types: 

Support for a wide range of traditional auction formats, including: 
Traditional 

Traditional with agent 
Descending or Dutch 

- Wall Street 
Silent 

- Straight Sale 
Fire Sale 

Settlement: 

The seller and the winning bidder will finalize all transactions. The auction site will not be required to 
settle transactions, so no provisions for transaction processing need to be made. 

Certain purchases made with CMA Signature Visa cards would be eligible for Signature program point 
bonuses. These additional points will need to be added to the clients' point balance. Purchases made with 
Signature program points would need to be deducted from clients' point balances. In the short term, these 
modifications to Signature point balances would be made using the facilities and procedures currently in 
place. In the future, this process might be more tightly integrated with the auction feature to make the point 
balance adjustments immediately and automatically. 

Currency: 

Because Merrill Lynch plans to support transactions in both Signature program pomts and dollars, the 
auction site must support offering items in either currency unit on an item-by-item basis. 

Scheduling and Notification of Auctions: 

The auction site must have facilities for showcasing the items that are to be auctioned and an appropriate 
system for displaying an auction schedule. 

Auctions will normally last 1-7 days. 

Bids will be accepted 24 hours a day, 7 days a week. 

Registration: 

Bids are accepted from registered bidders only, so the auction system will have to include provisions for 
participant registration. 

Offering Sources: 

Items to be auctioned can be offered by Merrill Lynch, a Merrill Lynch e-commerce partner, or by the 
auction management firm, if applicable. 

E-Mail: 

The auction solution would use e-mail to fulfill the following functions: 
Confirmation of bid 
Daily status of involved auctions 
Outbid notification when maximum bid is reached 
End of auction notification 
Winning bid notification to seller and buyer 

Business Approach 
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IBM recommends that Merrill Lynch build auction technology into the Merrill Lynch Online site and 
manage the auctions itself. This approach is not only more economical for Merrill Lynch, it also gives 
Merrill Lynch far greater flexibility and control in expanding and changing the auction feature to better fit 
its evolving business needs. IBM's recommendations and proposal are based on the assumption that Merrill 
Lynch will 



Auction Technologies Considered 

IBM Interactive Media considered two products for Merrill Lynch's online auction needs: 

NetAuction- A new component in IBM's Net.Commerce product family, this product adds full- 
featured auction functionality to Net.Commerce sites. 

OpenSite - OpenSite is a leading Internet auction development package used by dozens of sites to 
provide auction capabilities. 

Comparitive Analysis 
Cost 

OpenSite licenses are available at three configuration levels with widely varying price points: 

Opensite Professional: $5,000/license 
Opensite Merchant: $15,000/license 
OpenSite Corporate: $50,000/license 

Opensite Merchant includes all of the technical capabilities required for successful implementation of the 
Merrill Lynch auction goals, as well as some additional features that may be useful to Merrill Lynch in the 
future. Two licenses would be required for the project (one for the development and testing server and one 
for the production server), and each license requires purchase of a mandatory maintenance and support 
agreement for an additional $3,000. The total cost of OpenSite software licenses would be $36,000. 
OpenSite is available in versions that run on Windows NT Server 4.0 and are compatible with Microsoft 
IIS 4.0 server software. This means OpenSite could be run on the test and production servers abeady in 
place for the Merrill Lynch Signature project. 

Net.Commerce 's auction package requires Net.Commerce. Net.Commerce licenses are available in two 
configurations: 

Net.Commerce Start: $5,000/processor 
Net.Commerce: $20,000/processor 

The Net. Commerce Start package would be sufficient to handle the Net.Auction requirements. Two 
licenses of Net.Conmierce would also be required. The auction package is currently available on a 60-day 
trial basis at no charge. Final pricing by the Net.Commerce business organization is pending. 

The total cost of software licenses cannot be calculated until final pricing for the auction component is 
available. However, the two Net. Commerce Start licenses total to $10,000. 

Also, although a Windows NT Server version of Net.Commerce is available, it is unclear whether 
Net. Commerce is compatible with Microsoft IIS 4,0. The published documentation for Net.Commerce 
indicates that it is compatible with Lotus Go and Netscape Enterprise Server, and the auction component 
documentation indicates that it is compatible with Lotus Go. Neither the published Net.Commerce 
documentation nor the Net.Commerce personnel that were contacted could verify that Net.Commerce and 
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the auction component were compatible with Microsoft IIS 4.0, If either Net.Commerce or the auction 
component cannot be run on the existing Merrill Lynch test and production servers, then additional servers 
will be required. This will, of course, mean additional setup and hosting charges. 

Development Schedule 

One of the most important factors in the selection of an auction technology is the projected term of the 
development cycle. The deadline is extraordinarily tight and the fastest path to a fimctioning auction site 
must be taken. 

Internal IBM Interactive Media "rule-of-thumb" estimates for setting up even a simple Net.Commerce 
solution range from 600-700 hours, including 80-100 hours for properly setting up servers and installing 
and configuring Net.Commerce. In addition, it is likely that the Net.Commerce auction solution would 
require some weeks of custom development (see other items below). Being a new product, there may also 
be some unexpected technical difficulties and delays (see Product Maturity below). 

On the other hand, the development cycle for implementing an OpenSite solution is supposed to be much 
shorter. Very basic implementations have reportedly been completed in several days, longer development 
cycles being used chiefly to further customize graphics, text and other interface elements. 

Given the rather modest cosmetic requirements for the initial release of the Merrill Lynch auction site, it is 
likely that a functioning auction system could be successfully implemented much more quickly using 
OpenSite rather than the Net.Commerce auction feature. 



Product Maturity 

The Net. Commerce auction feature is a relatively new product, and although a great deal of time has 
doubtlessly been spent testing and improving it, it has not been employed for any appreciable time in an 
actual production environment. 

OpenSite is a relatively mature product that is currently employed in dozens of active auction sites. 

There are inherent risks in using any new software product. Product stability, feature sets, and usability 
improve as the product matures. Sometimes required product features or other business considerations 
outweigh the risks of using a new product. However, in this case the Net.Commerce auction technology 
does not appear to have any significant advantages over OpenSite in meeting Merrill Lynch's stated 
objectives for the project. 

Server Considerations 

As mentioned earlier, it is possible that the Net.Commerce auction feature is incompatible with the existing 
Signature server configuration. If this is the case, an additional test server and production server would 
have to be set up. 

This would not only mean additional expense, but also possible delays. Lead times for server setup, 
especially custom setup, can be lengthy, and software configuration and testing can sometimes be 
problematic and time-consuming. 

Features 

In addition to the issues covered above, there are several product feature issues that bear consideration: 
- E-Mail 
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The client requirements for the project specifically mention several applications for e-mail. The client 
would like for the auction server to use e-mail to keep both customers and administrators aware of the 
status of several auction parameters. 

The Net.Commerce auction feature does not currently support programmatic outbound e-mail of any kind. 
Net.Commerce expects registered users to log on to tihe server in order to check status. A development 
contact with Net.Commerce indicated that several weeks of custom development time would be required to 
integrate the desired e-mail functionality. The contact suggested that an API could be developed in a much 
shorter period to enable developers to implement their own e-mail functionality, but this would also 
involve a considerable custom development effort. 

Transaction Processing 

Because the Net. Commerce auction component is simply an add-on feature to Net.Commerce, it supports a 
complete set of transaction processing functions, including credit card processing and integration with 
back-end systems. 

OpenSite provides no real means of handling transaction processing, being almost exclusively a cost 
negotiation tool. Should provisions for transaction processing be required later, a separate solution will 
have to be implemented. 

There is no immediate requirement for transaction processing for the Merrill Lynch auction project, and 
because most transactions will be finalized between either the Carlson fulfillment center or the individual 
affiliate merchants, it seems unlikely that this ftmctionality will be required in the future. If there had been 
a foreseeable need for transaction processing, this would probably have been a major determining factor in 
the selection of an auction technology. 

Offerer Account Support 

There is no "built-in" functionality within the Net.Commerce auction feature to support submission and 
acceptance of auction items by registered providers. Submission of auction items would have to take place 
via other means, such as e-mailing or phoning the auction administrator. 

Opensite's Merchant level product has direct support for the submission and acceptance of items for 
auction. Although not listed as a written requirement, this feature would probably be convenient for Merrill 
Lynch as they begin to allow their affiliates to provide items for auction. 

Support for Both Dollars and Points 
The Merrill Lynch auction offering will have to support sales in dollars or Signature Rewards program 
points on an item-by-item basis. 

Neither product has built-in support for this requirement. 

In OpenSite, it is possible to remove all currency indicators fi-om the price fields and use one of the 
customizable variables as a field label for the currency field. 

A contact at Net.Commerce has indicated that direct support of this requirement would take as much as a 
week of custom development. 
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Appendix B - Auction System 

Introduction 

Merrill Lynch would like to add an auction feature to the CMA Visa Signature Rewards 
Mall site. This site enables Signature Visa card holders to redeem points earned in the 
Signature Rewards program for various premiums, including merchandise, gift 
certificates, and travel benefits. The auction feature would allow card holders to bid 
Signature program points for special promotional items. 

The auction feature is intended to provide card holders with a fim and exciting alternative 
for point redemption, as well as to promote growth in site traffic and increase enrollment 
in the Signature Card program. 

IBM has contracted with Merrill Lynch to incorporate auction ftmctionality into the 
existing Merrill Lynch Signature Visa Mall infrastructure by installing, configuring and 
customizing the OpenSite auction software on the Signature servers and modifying the 
Signature web pages to provide appropriate links to the auction pages. 

Project Sen/ers 

The auction system will be added to the current Signature Visa Mall test and production 
servers. These servers presently have enough storage capacity to hold the program files 
and are capable of servicing the additional traffic likely to be generated by the auction 
feature, at least for the near fixture. 

OpenSite, the auction software that has been selected for the implementation of the 
auction feature, is available for the servers' current operating system and web server 
software configuration. There are no known incompatibilities between OpenSite and any 
software currently operating on the test and production servers. 

Auction Software & Licensing 

IBM has obtained two licenses of OpenSite Merchant software on Merrill Lynch' s behalf 
with the accompanying mandatory upgrade and support agreements. The software 
licenses and support agreements will be transferred to Merrill Lynch following 
development and deployment of the auction feature. 

One copy of OpenSite will be installed on the Signature Visa Mall Primary Hosting 
Server in Schaumburg, IL, the other will be installed on the Signature test server in 
Atlanta, GA. Following project deployment the test server will serye as a development 
and test bed, content and configuration data being uploaded to the production server 
when complete and tested. 

Auction Administration and Site Upl<eep 
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Administration and upkeep of the auction feature requires regular, active human 
involvement. It is assumed that Merrill Lynch will designate one or more people to be the 
auction site administrators. These personnel will work with IBM to help configure 
OpenSite and related software and learn how to perform routine site management tasks. 
These Merrill Lynch personnel will ultimately assume responsibility for ongoing auction 
site maintenance and training of additional administrative staff as necessary. 

Technical Solution by Feature Requirement 

Required auction features and specifications were communicated to IBM through the 
document "The Merrill Lynch/Auction Partnership". Additional background information 
and indications of fiiture plans for the auction site have been provided in two on-site 
meetings and numerous telephone conversations. 

Requirements and considerations for the auction site are summarized below, along with 
the proposed technical solutions for meeting the requirements: 

Auction Types 

Merrill Lynch has requested support for a wide range of traditional auction formats. The 
OpenSite Merchant software allows for the customization of several price and bidding 
variables on an item-by-item basis. The setting of these variables can vary the auction 
parameters within certain limits. In the future, custom scripting and configuration can be 
used to provide specific auction fimctionality desired by Merrill Lynch. 

Settlement 

The seller and the winning bidder will finalize all transactions. The auction site will not 
be required to settle transactions. Therefore, no provisions for transaction processing 
need to be made. 

Certain purchases made with CMA Signature Visa cards will be eligible for Signature 
program point bonuses. These additional points will need to be added to the clients' point 
balance. Purchases made with Signature program points will need to be deducted from 
clients' point balances. In the short term, these modifications to Signature point balances 
will be made using the facilities and procedures currently in place. In the fiiture, this 
process might be more tightly integrated with the auction feature to make the point 
balance adjustments immediately and automatically. 

Currency 

Because Merrill Lynch plans to support transactions in both Signature program points 
and dollars, the auction site must support the offering of items in either currency unit on 
an item-by-item basis. OpenSite allows for the definition of custom variables that can be 
specified on an item-by-item basis. The standard currency label will be removed fi-om the 
item price by modifying an OpenSite configuration file. A new custom data field will be 
defined and included on pages displaying product information that indicates the type of 
currency for which the item is offered. 

Scheduling and Notification of Auctions 

The auction site must have facilities for showcasing the items that are to be auctioned and 
an appropriate system for displaying an auction schedule. 
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OpenSite's standard templates include a complete set of item listing and detail pages on 
which customers can review product information. 

Auctions will normally last 1-7 days. Bids will be accepted 24 hours a day, 7 days a 
week. 

OpenSite has full-featured, flexible auction scheduling tools. Auctions can be configured 
in advance and scheduled to start and end at discreet times. 
Bids can be accepted at any time. 

Registration 

Bids will be accepted from registered bidders only. OpenSite allows bidders to register 
using a simple HTML form. Registration data is recorded to a database and is available 
for administrator reporting. 

Offering Sources 

Items to be auctioned can be offered by Merrill Lynch, a Merrill Lynch e-commerce 
partner, or by the auction management firm, if applicable. 

The OpenSite Merchant software features a Sellers Module with which "seller" accounts 
can be established and maintained. Sellers can be granted permission to submit items for 
fixed price or auction sale. 

E-Mail 

The auction solution will use e-mail to fulfill the foUov^ng functions: 

• Confirmation of bid 

• Daily status of involved auctions 

• Outbid notification when maximum bid is reached 

• End of auction notification 

• Winning bid notification to seller and buyer 

OpenSite' s E- Auctioneer feature can be configured to automatically inform participants 
about auction activity via e-mail. E-mail is sent using a SMTP utility called "Blat!".The 
e-mail messages themselves can also be customized. 

IBM will configure the E-Auctioneer feature according to Merrill Lynch specifications. 
Additionally, OpenSite can be used to send e-mail to the site's registered bidders. Merrill 
Lynch' s auction administrators can use this feature to produce mass e-mailings to auction 
participants. 

Security 

Ciient Protection 

OpenSite can be configured to employ SSL encryption and authentication to all 
transactions of private and sensitive information. 

Because OpenSite will initially not perform any actual transaction settlement, it should 
not be directly involved in communicating any personal financial information. OpenSite 
will not initially access the Carlson point balance server and will not require or transfer 
any financial account numbers. 

The only personal information recorded by OpenSite will be the bidder registration 
information requested on the registration form. This information will be protected by SSL 
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during submission. Once established, bidder accounts are accessed via encrypted cookies 
stored at the client. 

Server Security 

All of the OpenSite administrative pages are generated dynamically by CGI only after the 
auction administrator signs on with usemame, password, and unique OpenSite keycode. 

Database Security 

All auction and registration data is stored on the server in encrypted form. 
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ADD TASK 2.3.19 to IBM Responsibilities: 

2.3.19 Auction Functionality 
Task Description: 

Design, Install and Test Auction Functionality into Signature Visa Rewards Web Application as 
per Merrill Lynch stated requirements: (See Appendix E 'Auction Software Recomnnendation' 
Section "Feature Requirements") 

This task consists of the following subtasks: 

1. Create Auction Detailed Technical Design Document 

2. Create Auction Functionality Information Design 

3. Program Auction Functionality using OpenSite software 

4. Test Auction Functionality in Test Environment 

5. Publish Auction Functionality to Production Server 

6. Test Auction Functionality in Production Environment 

Completion Criteria: 

This task will be considered complete upon written approval of the Auction Portion of the 
Signature Visa Rewards Web Application by the Merrill Lynch Project Manager, per the approval 
process described in Appendix C. Approval Process for Project Deliverables. 

DELIVERABLES: 

The following items will be delivered to Merrill Lynch as a result of this task: 

• Signature Auction Software Recommendation Document 

• Signature Auction Functionality Detailed Technical Design Document 

• Auction Portion of Signature Visa Rewards Web Application 

• Signature Auction Test Report 



TASK 2.3.19 Assumptions 
Technical Development Assumptions: 

1. General Assumptions: 

IBM will implement and configure features available within the OpenSite Merchant product. 
Custom feature development will not be performed under this Agreement. 
Merrill Lynch agrees to develop and keep available a suitable test environment, including 
any servers and software upon which the project is dependent 
Merrill Lynch will perform security and other acceptance reviews in a timely manner and 
provide clear documentation of any problems and concerns they may have so they can be 
resolved quickly and effectively. 
- The goal of the initial Implementation of the auction capabilities will be to quickly implement 
basic auction functionality that meets the customer requirements. Basic HTML template 
customizations will be considered satisfactory. No extensive graphic modifications or 
cosmetic scripting (such as rollovers, etc.) will be provided. 

2. Auction Types: 

Support for a wide range of traditional auction formats, including: 
Traditional 
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- Traditional with agent 
Descending or Dutch 

- Wall Street 

- Silent 

- Straight Sale 
Fire Sale 

3. Settlement: 

The seller and the winning bidder will finalize all transactions. The auction site will not be 
required to settle transactions, so no provisions for transaction processing need to be made. 

Certain purchases made with CMA Signature Visa cards would be eligible for Signature Program 
point bonuses. These additional points will need to be added to the clients' point balance. 
Purchases made with Signature Program points would need to be deducted from clients' point 
balances. In the short term, these modifications to Signature point balances would be made 
using the facilities and procedures currently in place. In the future, this process might be more 
tightly integrated with the auction feature to make the point balance adjustments immediately and 
automatically. 

1. Currency: 

Because Merrill Lynch plans to support transactions in both Signature Program points and 
dollars, the auction site must support offering items in either currency unit on an item-by-item 
basis. 

2. Scheduling and Notification of Auctions: 

The auction site must have facilities for showcasing the items that are to be auctioned and an 
appropriate system for displaying an auction schedule. 

Auctions will normally last 1-7 days. 

Bids will be accepted 24 hours a day, 7 days a week. 

3. Registration: 

Bids are accepted from registered bidders only, so the auction system will have to include 
provisions for participant registration. 

4. Offering Sources: 

Items to be auctioned can be offered by Merrill Lynch, a Merrill Lynch e-commerce partner, or by 
the auction management firm, if applicable. 

5. E-Mail: 

The auction solution would use e-mail to fulfill the following functions: 

- Confirmation of bid 

Daily status of involved auctions 
Outbid notification when maximum bid is reached 
End of auction notification 
Winning bid notification to seller and buyer 

Graphic and Creative Development Assumptions: 

1. All art elements will be derived from art previously created for the Signature Visa Rewards 
Web Application 

2. Interfaces will be created from existing OpenSite templates 

3. The look and feel of the auction functionality will follow the existing look and feel of the 
Signature Visa Rewards Web Application 

4. The global navigational toolbar will not be modified 

Testing Assumptions: 
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1 . There will be a 1-week test period. 

2. Test Scope 

Auction Types: 

Traditional 

Traditional witli agent 
Descending or Dutch 
Wall Street 
Silent 

Straight Sale 
Fire Sale 

Payment: Either credit card or Signature points 

If using ML Visa, purchase will be eligible for Signature point 
bonuses 

Registration 

E-mail: 

Bid confirmation 
Daily auction status 

Outbid notification when max bid is reached 
End of auction notification 
Scheduling and notification of auction 

3. Testing will take place both on the test/staging server and on the production server 

4. Target Platforms: 

Operating System: Win '95 
Browsers: 

Netscape 3.x and 4.x 

Microsoft Internet Explorer 3.x and 4.x 
Minimum Color Depth: 256 colors - 8 bit 
Minimum Color Resolution: 640 x 480 

5. Site Map, Functional Templates, and Design Documentation will be available at least 2 
weeks before testing begins. 

6. All development (including both creative and technical) will be complete before the start of the 
testing. 

7. All code will have been Unit Tested and executed on the minimum browser platforms before 
the start of testing. 

8. All content will have been reviewed and approved by the client, per the Approval Process 
described in Appendix C, before the start of testing. 

9. All content will have been incorporated into the Web Site before the start of testing. 

10. Testing will take place on a staging server (setup and provided by the development team) 
and the production server. 

11. The staging/production server(s) must have all the requisite connectivity to backend data and 
processes. 

12. Testing will be done Monday to Friday during normal business hours. 

13. Merrill Lynch will provide a functioning test environment in conjunction with IBM and Carlson 
test environments. 

Add To Section 2.5 Deliverable Materials 

The following deliverables are defined as Type Ha: 

• Signature Auction Software Recommendation Document 
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• Signature Auction Functionality Detailed Technical Design Document 

• Auction Portion of Signature Visa Rewards Web Application 

• Signature Auction Test Report 

Revise Appendix A Deliverable Guidelines 
Add: 

A.22 Signature Auction Software Recommendation Document 
Purpose: IBM will compare OpenSite and Net.Commerce software packages and make a 
recommendation based on Merrill Lynch's provided requirements for auction functionality. 
Content: A 2-3-page report outlining IBM's recommendation. 

A.23 Signature Auction Functionality Detailed Technical Design Document 
Purpose: IBM will provide a Detailed Auction Technical Design Solution, which will incorporate 
information from the Merrill Lynch Requirements, the IBM Recommendation Document, and 
design sessions held with Merrill Lynch. This document will allow IBM and Merrill Lynch to reach 
an agreement on the visual, navigational and technical design requirements of the Merrill Lynch 
Signature VISA Mall Auction Functionality. 

Content: The document will contain up to 20 pages consisting of the following, as appropriate: 

• Creative Treatment - One high-level design study based on the templates 
available in OpenSite software. 

• High Level Navigation and Branching Document depicting navigational flow. 
Functional Templates that define the general location and function of major 
screen elements for each screen defined within the Branching Document. 

• Key Technical Infrastructure 

A.24 Auction Portion of Signature Visa Rewards Web Application 
Purpose: IBM will install the Auction Functionality in the Signature Visa Rewards Web 
Application. 

Content: An accepted version of the Signature Visa Rewards Web Application Auction 
Functionality following Merrill Lynch Project Manager acceptance. 

A.25 Signature Auction Test Report 

Purpose: IBM will provide a Test Report to ensure a high quality final deliverable. 
Content: The 3-5 page Final Test Report will summarize the quality assurance effort for the 
Project. It consists of the following as appropriate: a summary of the test results, problems found, 
problems remaining, and a risk assessment. This report will be made available within 4 weeks of 
declaring the Project completed. 
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To: GGazzia@NJAOST.ML.com@internet 
cc: Rhodes Rumsey/Atlanta/IBM@IBMUS 
From: Paul Mozingo/ATLANTA/Contr/IBM @ IBMUS 
Subject: Auction URL 



Hey Gilbert, 

We have a bare bones auction site up and running on our test server. You can reach at this URL: 
http://webtest2.interactive.ihost.com/osauction.stm 

There are some issues about the site that we need to discuss and a few wrinkles to iron out, but 
you can now at least poke around at the basic functionality. We have not changed any of the 
templates or graphics yet, so what you will see is just the default "look and feel" that you get in a 
standard install. 

There were a few issues that came up during the install, mainly related to conflicts between the 
structure of the existing site and the structure that the OpenSite software requires. We were able 
to get around most of these by making changes to the OpenSite configuration files. 

However, there is one issue without a really easy solution. Right now, the entire site (pages, 
graphics, CGI) is SSL protected. This is not really common practice. Usually SSL is employed 
only for such things as forms in which clients will enter private data or reports from the server with 
sensitive information. 

The OpenSite software is not designed to operate in an environment in which every resource is 
SSL protected. There are links in as many as 250 templates that reference other files with "http" 
rather than "https". In order to protect everything, all of these links would have to be updated. If 
there are updated, there will, of course, be a maintenance issue in that they will have to continue 
to be updated and tested for every upgrade of the software. 

For right now, we have set the SSL properties on the OpenSite resources to the settings for 
which they are designed. Please note that this does not affect any of the existing Signature 
content. 

If this is acceptable to your security department, then everything is OK. We can continue to 
protect all of the Signature content and only those resources related to OpenSite that require 
protection (the registration form and possibly the bid form). 

If the entire auction site must be SSL protected, we will have to update all the "http" links to 
"https". As mentioned earlier, this will create a bit of an ongoing maintenance burden. 

If your security people have a problem with mixing the fully-protected Signature site with a mixed- 
protection auction site, we can move the auction site to its own virtual domain on the server. We 
will simply have to obtain additional certificates to cover the auction site. 

Play around with the site. Let us know what you think. Please note that there are a few links that 
don't work properly because of the configuration of the site (most notably, the "Home" button). 



There will have to be a certain amount of hand-tooling done to make the auction site fit in with our 
existing structure. 

We should probably put together a conference call to discuss some of the many options available 
in the configuration of the site. 

Also, if you send your mailing address, I will send you one of the User Manuals so you can begin 
to familiarize yourself with the Administrator documentation. 



Thank You, 
Paul Mozingo 



tel: 770-835-6091 
fax: 770-835-7249 
vdmoizng.us.ibm.com 
3200 Windy Hill Rd., WG06A 
Atlanta, GA 30339 
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On There was a conference call, with IBM (Paul Mozingo and 

Dusty) , Gilbert Gazzia and myself to address some initial security issues 
raised by IBM for what is being referred to as the ECommerce Auction site. 
During the call I raised several issues which were going to be researched by 
IBM. IBM was to get back to me with solutions and answers. This was to 
occur by the end of this week. I have not heard from them as of this 

afternoon / 
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Paul Mozingo 



To: GGazzia@NJAOST.ML.com@internet 
cc: Rhodes Rumsey/Atlanta/IBM@IBMUS 
From: Paul Mozingo/ATLANTA/Contr/IBM @ IBMUS 
Subject: Auction Security 



Gilbert: 

Dusty said he didn't get this, so I am sending it again. I had a draft saved on my computer I don't 
know if I sent this along with the information from Alex or not. 

We have been researching some alternatives for addressing the auction site authentication 
issues. We understand the security issues involved. Just as before, Merrill Lynch does not want 
personal account information stored on our server. And from a usability standpoint, it is preferable 
that there is no additional "Log In" process. 

The OpenSite support center tells us that the red fields on the registration form are hard-coded in 
the software to be required. We can't simply turn them off or remove them. 

However, we can call the CGI that this form normally calls and submit the required information 
behind the scenes. This would allow us to enter meaningless information in most of the required 
fields just to keep the software running properly. This is the most economical solution, requiring 
only 30-40 additional development hours. 

The NT version of OpenSite is also capable of using Oracle for its database. It might be possible 
(but probably very time consuming and expensive) for Merrill Lynch to set up an oracle database 
under their control that could be accessed remotely by the OpenSite software to fully integrate 
OpenSite functions with the Merrill Lynch customer databases. This would also require a special 
version of OpenSite intended for Oracle integration. 

Finally, we could dig quite a bit deeper into the inner workings of OpenSite, receding and 
customizing it to exactly meet our needs. Obviously this would require a much more intensive 
effort on our part and quite a bit of support from OpenSite's development staff. We would have to 
expend a significant effort just to properly investigate and size this option. 

There are a few of the OpenSite "required" fields for which we would have to store meaningful 
information. 

Name Field: The CMA number could be used in the "Name" field as an identifier for the user. This 
can be retrieved using the existing authentication structure. 

Handle: A "handle" is required. This is the name by which the user will be known to others within 
the auction site. This will have to be provided by the user. 



Password: An auction password is also required for certain functions, such as placing bids and 
checking account status. This will have to be provided by the user. 

Auction ID Number: OpenSite automatically assigns each auction user a six digit ID number that 
must be entered to perform bids and other auction functions. 

We are proposing using a custom registration form that will supplement the standard Signature 
site authentication to provide only the required Information for the OpenSite software to perform 
properly. This form should need to collect only a "handle" and "password" and should only have 
to be filled out once by each user 

Our understanding is that casual browsing of the auction site will require no authentication. We 
are proposing that when a user wishes to perform any function requiring auction registration that 
they be authenticated according to the following scheme: 

Not Logged Into Signature 

Not a Registered Auction User - Goes first to existing log-in screen, then to auction 
registration form 

Already a Registered Auction User - Goes first to existing log-in screen, then to desired 

page 

Already Logged Into Signature 

Not a Registered Auction User - Goes to auction registration form 
Already a Registered Auction User - Goes straight to desired page 

Once a user has registered, they use their six-digit auction ID number and password to perform 
auction functions, such as bidding. If OpenSite's "User Passport" feature is enabled, cookies are 
used to prevent the user from having to enter the auction ID number and password more than 
once per browser session. 

We realize that Security may take issue with the storage of the auction ID and password on the 
server and that Merrill Lynch may consider it to be inconvenient for the user to have to remember 
and enter their auction ID number and password each auction session. However, the use of the 
auction ID and password is very intregral to the functionality of OpenSite. Changing this would 
involve changing much of the inner workings of OpenSite itself. 

The Information required by the software under the proposed solution is as follows: 

CMAID 

Handle - an arbitrary name used to publicly identify the user in auctions 

Auction ID Number - the actual account identifier for auction purposes 

Auction Password - provided by the user and used to access auction functionality only 



End- 
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Introduction 

Overview 

Merrill Lynch Auctions is a site which enables Signature and Premium Visa card holders to redeem 
points earned in the Signature Rewards and Premium Rewards program for various premiums, including 
merchandise, gift certificates, and travel benefits. The auction feature allows card holders to bid 
Signature and Premium program points for special promotional items. 

The auction feature provides card holders with a fun and exciting alternative for point redemption, as 
well as is intended to promote growth in site traffic and increase enrollment in the Signature and 
Premium Rewards Card programs. 

IBM contracted with Merrill Lynch to incorporate auction functionality into the existing Merrill Lynch 
infrastructure. 

Project Sen/ers 

The auction system resides on the server specified by Merrill Lynch. This server presently has enough 
storage capacity to hold the program files and is capable of servicing the additional traffic likely to be 
generated by the auction feature, at least for the near future. 

OpenSite, the auction software that has been selected for the implementation of the auction feature, is 
available for the servers' current operating system and web server software configuration. There are no 
known incompatibilities between OpenSite and any software currently operating on the test and 
production servers. 

Auction Software & Licensing 

IBM has obtained two licenses of OpenSite Merchant software on Merrill Lynch's behalf with the 
accompanying mandatory upgrade and support agreements. The software licenses and support 
agreements were transferred to Merrill Lynch during development and deployment of the auction feature, 
per Merrill Lynch's request. 

One copy of OpenSite was installed on the primary hosting server in Schaumburg, IL, the other was 
installed on the IBM test server in Atlanta, GA. Following project deployment the test server now serves 
as a development and test bed, content and configuration data being uploaded to the production server 
when complete and tested. 

Auction Administration and Site Upl<eep 

Administration and upkeep of the auction feature requires regular, active human involvement. As a part 
of the original assumptions, Merrill Lynch designated one or more people to be auction site 
administrators. These personnel are responsible for working with IBM to help configure OpenSite and 
related software and capable of performing routine site management tasks, lliese Merrill Lynch 
personnel ultimately assume responsibility for ongoing auction site maintenance and training of 
additional administrative staff as necessary. 

Teciinical Solution by Feature Requirement 
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Required auction features and specifications were communicated to IBM through the document "The 
Merrill Lynch/ Auction Partnership". Additional background information and indications of future plans 
for the auction site have been provided in two on-site meetings and numerous telephone conversations. 

Requirements and considerations used for the auction site are summarized below, along with the final 
technical solutions: 

Auction Types 

Merrill Lynch has requested support for a wide range of traditional auction formats. The OpenSite 
Merchant software allows for the customization of several price and bidding variables on an item-by- 
item basis. The setting of these variables can vary the auction parameters within certain limits. In the 
future, custom scripting and configuration can be used to provide specific auction functionality desired 
by Merrill Lynch. 

Settlement 

The seller and the winning bidder will finalize all transactions. The auction site will not be required to 
settle transactions. Therefore, no provisions for transaction processing need to be made. 

Certain purchases made with CMA Signature Visa cards is eligible for Signature program point bonuses. 
These additional points will need to be added to the clients' point balance. Purcheises made with 
Signature program points will need to be deducted from clients' point balances. In the short term, these 
modifications to Signature point balances is made using the facilities and procedures currently in place. 
In the future, this process might be more tightly integrated with the auction feature to make the point 
balance adjustments immediately and automatically. 

Currency 

Because Merrill Lynch plans to support transactions in both Signature program points and dollars, the 
auction site must support the offering of items in either currency unit on an item-by-item basis. OpenSite 
allows for the definition of custom variables that can be specified on an item-by-item basis. The standard 
currency label is removed from the item price by modifying an OpenSite configuration file. A new 
custom data field is defined and included on pages displaying product information that indicates the type 
of currency for which the item is offered. 

Scheduling and Notification of Auctions 

The auction site must have facilities for showcasing the items that are to be auctioned and an appropriate 
system for displaying an auction schedule. 

OpenSite's standard templates include a complete set of item listing and detail pages on which customers 
can review product information. 

Auctions will normally last 1-7 days. Bids is accepted 24 hours a day, 7 days a week. 

OpenSite has full-featured, flexible auction scheduling tools. Auctions can be configured in advance and 
scheduled to start and end at discreet times. 

Bids can be accepted at any time. 
Registration 

Bids is accepted from registered bidders only. OpenSite allows bidders to register using a simple HTML 
form. Registration data is recorded to a database and is available for administrator reporting. 

Offering Sources 

Items to be auctioned can be offered by Merrill Lynch, a Merrill Lynch e-commerce partner, or by the 
auction management firm, if applicable. 
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The OpenSite Merchant software features a Sellers Module with which "seller" accounts can be 
established and maintained. Sellers can be granted permission to submit items for fixed price or auction 
sale. 

E-Mail 

The auction solution will use e-mail to fulfill the following functions: 

• Confirmation of bid 

• Daily status of involved auctions 

• Outbid notification when maximum bid is reached 

• End of auction notification 

• Winning bid notification to seller and buyer 

OpenSite's E-Auctioneer feature can be configured to automatically inform participants about auction 
activity via e-mail. E-mail is sent using a SMTP utility called "Blat!". The e-mail messages themselves 
can also be customized. 

IBM will configure the E- Auctioneer feature according to Merrill Lynch specifications. 

Additionally, OpenSite can be used to send e-mail to the site's registered bidders. Merrill Lynch's 
auction administrators can use this feature to produce mass e-mailings to auction participants. 
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Security 



Client Protection 

OpenSite can be configured to employ SSL encryption and authentication to all transactions of private 
and sensitive information. 

Because OpenSite will initially not perform any actual transaction settlement, it should not be directly 
involved in communicating any personal financial information. OpenSite will not initially access the 
Carlson point balance server and will not require or transfer any financial account numbers. 

The only personal information recorded by OpenSite is the bidder registration information requested on 
the registration form. This information is protected by SSL during submission. Once established, bidder 
accoimts are accessed via encrypted cookies stored at the client. 

Server Security 

All of the OpenSite administrative pages are generated dynamically by CGI only after the auction 
admmistrator signs on with usemame, password, and unique OpenSite keycode. 

Database Security 

All auction and registration data is stored on the server m encrypted form. 
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Technical Solution 



Overall Structure 

Merrill Lynch has a wide variety of online offers, which are currently being designed to encompass a new 
look and feel. Merrill Lynch Auctions is the first of these applications to launch. Instead of designing and 
coding an auction application IBM purchased OpenSite, an online auction application, to perform the 
auction piece of the project. 

During the requirements gather process, IBM determined some priorities that needed to be addressed for 
this Web application to be successful. These are described below. 

• Login to the auction must be invisible to the user. They would not be required to remember their 
handle and password. 

• Users CMA ID must be kept encrypted on the server. This would also be the means by which the user 
bids are tracked and also how many points they have available to bid with. 

• Users email must be kept encrypted on the server. This is not possible with the current auction 
database. 



High-Level Server Layout 



Merrill Lynch Authentication Server 
(Hosted by Merrill Lynch) 








Merrill Lynch Auctions Server 


(Hosted by IBM) 




^ 


r 
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Carlson Points Server 




(Hosted by Carlson) 





Merrill Lynch Authentication and Points Value Retrieval 

IBM hosts the auction application. When a user tries to perform a function that requires Merrill Lynch 
authentication: 

• The user is sent to the Merrill Lynch Authentication Server, which is hosted by Merrill Lynch. They 
are required to enter their MLOL ID and password here. 

• IBM receives an encrypted token from Merrill Lynch. 

• If the token is valid, it is decrypted with Merrill Lynch proprietary authentication code. If the token is 
not valid then the appropriate error message is displayed and none of the following bullet items are 
performed, 

• The CMA ID is extracted. 
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• This CMA ID is sent to Carlson. 

• If it is a valid CMA ID and is on file, Carlson will send the points amount back to IBM. 

• If a valid points value is returned, IBM sets the appropriate cookies for the encrypted token and the 
points value to be used for later operations. If a valid point value is not returned, IBM displays the 
appropriate error message. 

Main CGI Programs 

All CGI programs written by IBM for Merrill Lynch Auctions are written in Perl. 

Posting to OpenSite Executables 

Four of the CGI programs post data to OpenSite executables (register.cgi, bid.cgi, your infoxgi and 
auction watch.cgi). The CGI programs have to 'act' like a browser. This is done through two modules: 

• HTTP::Request::Common qw(POST) 

• LWP::User Agent 

These programs open the appropriate sockets and handle the exchange with the Webserver. Complete 
documentation can be found for these modules at www.perl.com . Then go to CP AN (Comprehensive Perl 
Archive Network) 

Registration (/cgi-bin/os/register.cgi) 

When a user wishes to register with the auction the following occurs: 

• User clicks 'Registration Center' 

• os doorman.cgi determines if you are logged in with MLOL by checking the validity of the encrypted 
token 

• If you are logged in with MLOL then os doorman.cgi sends you to /os/registration forni.stm 

• If you are not logged in with MLOL then os_doorman.cgi sends the user to the Merrill Lynch 
authentication server. If the user is valid they is redirected to /os/registration form.stm 

From /os/registration form.stm: 

• The user enters a handle and theh* email address. 

• This information is passed to register.cgi. 

If they do not have a valid CMA ID: 

• The user is directed to /os/auth_error.html 
If the user has a valid CMA ID: 

• An eight digit password is generated for the user 

• Credit-card field is set to the CMA ID 

• A fake email address is generated, consisting of [user entered handle]@shopmerrilLcom 

• The fake email address is set up to forward to the real email address through IMAIL 

• This new information, along with the information from the original post, is posted to OpenSite 
(addcust.exe) 

• The return page is then passed back to the user. 
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Bidding (/cgi-bin/os/bid.cgi) 

When a user places a bid the following occurs: 
If the user is not authenticated: 

• The user is sent to authenticate through MLOL. 

If the user card type is C, G, or B (Classic, Gold, or Basic): 

• The user is sent to /os/login error.html page (because these card types do not have points) 
If the CM A ID is blank (even though we have authenticated the user) 

• The user is sent to /os/auth_error.html 

Otherwise the user is allowed to place the bid. The following actions occur: 

• The customer handle and password are retrieved from OpenSite by CMA ID 

• If the CMA ID is not in the OpenSite database the user is sent to /os/must register.html (end here) 

• This information along with the submitted form information is posted to OpenSite (addbids.exe) 

• The return page is passed back to the user 

Auction Watch (/cgi-bin/os/auction_v^atch.cgi) 
When a user wishes to watch an auction the following occurs: 
If the user is not authenticated: 

• The user is sent to authenticate through MLOL. 

If the user card type is C, G, or B (Classic, Gold, or Basic): 

• The user is sent to /os/login error.html page (because these card types do not have points) 
If the CMA ID is blank (even though we have authenticated the user) 

• The user is sent to /os/auth_error.html 

Otherwise the user is allowed to watch the auction. The following actions occur: 

• The customer handle and password are retrieved from OpenSite by CMA ID 

• If the CMA ID is not in the OpenSite database the user is sent to /os/must register.html (end here) 

• This information along with the submitted form information is posted to OpenSite (auctwtc3.exe) 

• The return page is passed back to the user 
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Your Info (/cgi-bin/os/your_info.cgi) 

When a user chooses * Your Info' the following occurs: 

If the user is not authenticated: 

• The user is sent to authenticate through MLOL. 

If the user card type is C, G, or B (Classic, Gold, or Basic): 

• The user is sent to /os/login_error.html page (because these card types do not have pomts) 
If the CMA ID is blank (even though we have authenticated the user) 

• The user is sent to /os/auth_error.html 

Otherwise the user is allowed to watch the auction. The following actions occur: 

• The customer handle and password are retrieved from OpenSite by CMA ID 

• If the CMA ID is not in the OpenSite database the user is sent to /os/must_register.html (end here) 

• This information along with the submitted form information is posted to OpenSite (chckstat.exe) 

• The return page is passed back to the user 



The other CGI programs contain setup information and shared functions. They are written in Perl. 

/cgi-bin/setup.cgi 

Defines 

• $SERVER_NAME 
Functions 

• getlocation 

• parseCookie 

• cookie_expire_time 

• print_page 

• show_page 

• header 

• auth_server 

/cgi-bin/setup_auth.cgi 
Functions 

• get_points 

• decrypttoken 

• parse token 

• parsejoints 

• set_points_cookie 

• set token cookie 
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• verifyvalues 

• check_auth 



/cgi-bin/os/os_setup.cgi 
Defines 

• Shostname 

• $dir_root 

• $LOCATION_INDEX 

• $AUTH_SERVER 

• $AUTH_CODE 

• $SERVER_ROOT 

• $VERIFY_VALUES 

• $POINTS_CODE 

• $IMAIL 

• $KEY_CODE 

Functions 

• customerlist 

• getcustomer 

/cgi-biii/os/os_setup_auth.cgi 
Defines 

• %card_type_subroutines 
Functions 

• premium 

• signature 

• othercardtype 

/cgi-bin/os/os_doorman.cgi & /cgi-bin/os/os_receive.cgi 

These programs define no variables and contain no functions. os_doorman.cgi controls access to areas of 
the site that requu-e authentication. os_receive.cgi is responsible for receiving the encrypted token from 
Merrill Lynch and for receiving the point value from Carlson. 

Server Configurations 

Primary Hosting Server 

With the exception of the Log-In page, all of the Merrill Lynch Auctions content is hosted on a primary 
hosting server m Schaumburg, IL. 



The specified server will adequately handle many times the projected traffic volume for quite some time. 
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For consistency with Merrill Lynch hosting platform standards, the server will run Microsoft Internet 
Information Server 4.0 on the Microsoft NT operating system. 

Much of the site logic will depend upon CGI scripts written in PERL. Appropriate PERL taint checking 
is used to ensure that these functions are performed securely. PERL version 5.00502 is used. This is 
obtained fi-om ActiveState Tool Corp. 

Verasign SSL certificates will provide secure, 128-bit encrypted, authenticated communication between 
the primary hosting server and the Carlson and Merrill Lynch servers. The Primary Hosting server is 
configured to support only RC4 128-bit encryption with MD5 message authentication. 

IBM Content Hosting provides a high level of physical security and a very comprehensive package of 
standard monitoring and server maintenance services. 

Because the server-to-server connection between the Primary Hosting Server and the Carlson server is 
completely programmatic and will not involve an SSL-enabled browser, the script on the Primary 
Hosting Server will control its part of the SSL session with the Carlson server using a Java-based SSL 
tool included in the SSL Toolkit 3.0 package. This toolkit is developed and supported by the IBM 
Network Security Products Development Department (NGEA). 

Merrill Lynch Authentication Sen/er 

The Merrill Lynch Authentication Server is configured as follows: 

- Microsoft Windows NT 4.0 Operating Systems 

- Microsoft Internet Information Server 4.0 

- Verasign Server Certificate 

The Merrill Lynch Server, located in Plainsboro, New Jersey, is dedicated to the authentication fiinction. 
It hosts the Log-In page and will communicate with Merrill Lynch databases through production SP2 
servers via the Merrill Lynch internal networking structure. 

A Verasign server certificate will support 128-bit encryption for communications with the primary 
hosting server and with site visitors logging in. This certificate assures site visitors that they are 
communicating with a genuine Merrill Lynch server and protects the user names and passwords entered 
into the form hosted by Merrill Lynch. 

This server is set up and maintained by Merrill Lynch. 

Carlson Sen/er 

The Carlson Server, located in Minneapolis, Minnesota, is not necessarily be dedicated to Merrill Lynch 
application functions. It runs the Microsoft Windows NT operating system. 

This server communicates with the primary hosting server via secure SSL transactions. This server is 
outfitted with a Verasign server certificate to ensure that point balance requests are sent only to the 
Carlson server and that the customer CMA IDs are properly protected. 

The Carlson server employs an Active Server Page (ASP) script that analyzes the client certificate 
information during each https point balance request to verify that the request originated from the Primary 
Hosting Server. Carlson is responsible for preparing this script to Merrill Lynch specifications. 
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Auction JavaScript Documentation 

This documentation only covers scripts written by IBM developers or provided by Merrill Lynch (client). 
It does not cover scripts written by OpenSite. A brief description is given of each script and the functions 
they use. 

Registration Handle Validation 

This script was written to prevent users from entering curse words as handles when registering. If the user 
enters a curse word with no leading blanks, they receive an alert box stating " The handle you entered is 
invalid. Please enter a valid handle.'' If the handle field is left empty the user is prompted "You must 
enter a Handle". 

This script has two functions isEmptyQ and checkHandleQ. 
<!-- 

function isEmpty(inputStr){ 

if(inputStr == null || inputStr = ""){ 
return true; 
} 

return false; 

} 

function checkHandle(form){ 

var inputHandle = form. chndl.value; 

var inputEmail = form. cmail.value; 

inputHandle = inputHandle.toUpperCaseQ; 

var 

checkString="cockfuckniggerjewbagdykekykegookshitcuntpussyasshoIebitchputzschmuckasswipeasspecke 

rschlongpuntangsuckmikehuntharrydickblowjobhandjobscrotumballswankermuffhairpiecrackbuttpooppoop 

oosmegmacarpetmunchercarpetmuncherlesbianlesboslutclitcocksuckeroralsexoralsexspankmasturbatejacko 

ffwhoreanalbuttholesluttytoiletdouchebagbendoveijizzgizzspxmkMicrosoflpeepeecacakakasacksucksucker^ 

uxvaginapenisrectumfomicatesodomymasochismsadismdildovibratortitboobbisexualhomosexualtesticlevul 

vauterusclitorusfartfartknockerdickmunch" ; 

checkString = checkString.toUpperCaseO; 

if(isEmpty(inputHandle)) { 

alertC'You must enter a Handle!"); 

return false; 

} 

else if(isEmpty(inputEmail) || inputEmail.indexOf("@") == -1){ 
alertC'You must enter a valid Email Address"); 
return false; 
} 

else if(checkString.indexOf(inputHandle) !=-!){ 

alert("The handle you entered is invalid. Please re-enter a valid handle"); 

return false; 

} 

else return true; 

} 
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Registration Handle Pop Up 

This script launches a pop up window when the users clicks on the word Handle in "Pick a Handle" text 
on Registration form. 

This script has two functions launchQ and launchRemoteO- 

<script language="javascript"> function launch(newURL, newName, newFeatures, orgName) { 
var remote = open(newURL, newName, newFeatures); 
if (remote.opener = null) 

remote.opener = window; 

remote.opener.name = orgName; 
return remote; 

} 

function launchRemote() { 

myRemote = launchC'index.html", 
"myRemote", 

"height=500,width=479,alwaysLowered=0,alwaysRaised=0,channelmode=0,dependent= 
O,directories=0,fullscreen=0,hotkeys=l,location=0,menubar=0,resizable=0,scrollbars=l,s 
tatus=0,titlebar= 1 ,toolbar=0,z-lock=0", 
"infoWindow"); 

} 

</script> 

Points Balance Check 

This script prevents the user from bidding more than their available points total on an item. However, the 
user can bid less than their points total on muhiple items and exceed their point balance. 

There are two functions associated with script: stripCommasQ and checkBidAmountO. 

<script language="javascript"> function stripConmias(bidString){ 
var bString = bidString; 
var newString = ""; 
var comma = ","; 
if (bString.indexOf(comma)>=0){ 

for (var i=0; KbString.length; i++) 

if (bString.charAt(i) != comma) 
break; 

for (var j=bString.length-l; j>=0; j") 

if (bString.charAt(j) 1= comma) 
break; 

if(i=bString.length && j=-l) 
newString=**"; 

else { 

if(i!=0 ||j!=bStrmg.length-l){ 

newString = stripCommas(bString.substring(iJ+l)); 

}else 

newString = bStringxharAt(i)+ 

stripCommas(bString.substring(i+ 1 j+ 1 )+ bString.charAt(j+ 1 )); 

} 

} 

else{ 

newString = bString; 
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} 

return newString; 

} 

</script> 

<script language="javascript'*> 
function checkBidAmount(){ 
var ptsVal = 0; 

var bidAmount = stripCommas(document.BidForm. bprice.value); 

var newBidAmount = parselnt(bidAmount); 

ptsVal = parseInt(GetCookie("z")); 

if(ptsVal = "null"){ 
alert(" Your point total is not available"); 
return false; 

} 

if(ptsVal < newB id Amount) { 
alert("Sorry, you do not have enough points to bid on this item!"); 
return false; 
} 

return true; 

} 

</script> 

Point Balance Retrieval 

This script retrieves the customers Merrill Lynch point balance. It uses getCookieO, getCookieValO, 
setCookieO, getPointsQ. 

<script language="javascript 1 . 1 "><!- 

var argstr = location.search.substring(l, location.search.length); 
var args = argstr.split('&'); 
var currentcookie = null; 

function getCookieVal (offset) { 

var endstr = documentxookie.indexOf (";", offset); 

if(endstr = -I) 

endstr = document.cookie.length; 

return unescape(document.cookie.substring(offset, endstr)); 
} . 

function setCookie( value) { 
var cookie = null; 

if (value = null) { 

this.documentxookie = 'home=http://w^ww.mlol.ml.com/; path=/'; 

} 

else { 

for (var i = 0; i < args.length; i++) { 
if (args[i],indexOfChome') = 0) { 
value = unescape(args[i]); 
this.documentxookie = value + *;path=/*; 

} 

} 
} 
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} 

function GetCookie(name) { 
var arg = name + "="; 
var alen = arg. length; 
var clen = document.cookie.length; 
var i = 0; 
while (i < clen) { 

varj = i+ alen; 

if (document.cookie.substring(i, j) == arg) 

return getCookieVal (j); 

i document.cookie.indexOf(" i) + 1; 
if(i = 0) break; 

} 

return null; 

} 



currentcookie = GetCookie("home"); 

setCookie(currentcookie); 

//--> 

</script> 

<script language="javascriptl . 1 "><!-- 
function getPoints(){ 
var points = 0; 

points = GetCookieC'z"); 
if (points = null) { 
points = 'points'; 

} 

documentforms[0].elements[0].value = points; 
} 

//--> 

</script> 

Image Roll Overs 

This script highlights images when mouse rolls over them. 

<SCRIPT LANGUAGE = "JavaScript"><!--// 

function imgKey(sourceOff, sourceOn){ 
if(document. images) { 
this.on = new ImageQ 
this.on.src = sourceOn 
this.off = new ImageQ 
this.off.src = sourceOff 

} 

} 

// Here's the array of image objects, 
var imgList = new ArrayQ; 

// Preload Rollover images 

// imgList[name]=new imgKey(offImage,onImage) 
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//header images 

imgList["nilol"] = new imgKeyC'/os/images/merrillJynch/mla sur bl.gif 
"/os/images/merrill_lynch/mlasur_r 1 .gif '); 

imgList["cent"] = new inigKey("/os/images/meiTill_lynch/mla_sur_b2,gif' , 
'Vos/images/merrillJynch/mla_sur_r2.gif'); 

imgList["eshop"] = new imgKey(7os/images/merrillJynch/mla_sur_b3.gif 
"/os/iniages/merriIl_Iynch/mla_sur_r3.gif'); 

imgList["ebus"] = new imgKey("/os/images/merrill Jynch/mla_sur_b4,gif 
'Vos/images/merrill_lynch/mla_sur_r4.gif'); 

imgList["auct"] = new inigKey("/os/images/merrillJynch/mla_sur_b5.gif 
"/os/images/merrill_lynch/mla_sur_r5.gif'); 

//subnav images 

imgList["reg"] = new imgKey('Vos/images/nierrill_lynch/mla_sur_b6.gif 
'7os/images/merrill_lynch/mla sur r6.gif'); 

imgList["res"] = new imgKey("/os/images/merrill_lynch/mla_sur_b7.gif 
"/os/images/merrill lynch/mla sur_r7.gif'); 

imgList["watch"] = new imgKey("/os/images/merrill_lynch/mla_sur_b8.gif 
"/os/images/merrilMynch/mlasurrS.gif ); 

imgList["stat"] = new imgKey("/os/images/merrillJynch/mla_sur_b9.gif' , 
"/os/images/merrill_lynch/mla_siir_r9.gif'); 

imgList["me"] = new imgKeyCVos/images/merrill lynch/mla^sur blO.gif 
'7os/images/merrill_Iynch/mlasur_rl0.gif'); 

imgList["help"] = new imgKey('Vos/images/merriUJynch/mla_sur_bl l.gif, 
'7os/images/merrilMynch/mIa_sur_rl 1 .gif ); 

imgList["us"] = new imgKey("/os/images/merrill_lynch/mIa_sur_bl2.gif 
"/os/images/merrill_lynch/mla_sur_rl2.gif'); 

inigList["about"] = new imgKey('Vos/images/meiTill_lynch/nila_sur_bl 3.gif', 
"/os/images/merrilllynch/mlasurrlS.gif ); 

imgList["sign"] = new imgKey('Vos/images/merrillJynch/mla_sur_bl4.gif *, 
"/os/images/nierrill_lyncli/mla_sur_rl4.gif'); 

imgList["visa"] = new imgKeyC'/os/images/meirillJynch/mla sur b 15.gif', 
"/os/images/merrill_Iynch/mla_siir_rl5.gif' ); 

//footer images 

imgList["mlol2"] = new imgKeyCVos/images/merrilllynch/mlasurbl.gif, 
"/os/images/merrilllynch/mlasurrl.gif); 

imgList["cent2"] = new imgKey("/os/images/merrill_lynch/mla_sur_b2.gif 
*Vos/images/merrill_lynch/mla_sur_r2.gif'); 

imgList["eshop2"] = new imgKey("/os/images/merriIl_lynch/mla_sxxr_b3.gif *, 
"/os/images/merrilMynch/mla_sur_r3.gif'); 

imgList["ebus2"] = new imgKey("/os/images/merrill_lynch/mla_sur_b4.gif 
'7os/images/merrill_lynch/mla_sur_r4.gif'); 

imgList["auct2"] = new imgKey("/os/images/merrilMynch/mla_sur_b5.gif 
'7os/images/merrill_lynch/mla_sur_r5.gif'); 

//This function swaps in the "on" image. It should be called in an onMouseover event handler 
function imgOn (imgName) 
{ 

if(document. images) 
{ 

document[imgName].src = imgList[imgName].on.src; 

} 

} 

// This function swaps in the "off' image. It should be called in an onMouseout event handler 
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function imgOff (imgName) 
{ 

if(document, images) 
{ 

document[inigName].src = imgList[imgName],off.src; 

} 

} 

//--> 
</script> 

Banner Ad 

Displays banner ads at top of every auction page. This is a client provided script that was modified by 
IBM. The " banner = /os/banners/...'' assignment statement was modified to point to the "os" virtual 
directory. 

This script has two fiinctions: setupTopBannersQ and displayTopBannerQ. 
<SCRIPT LANGUAGE="JavaScript"> 
<!-- Begin 

function setupTopBannersQ { 

var numberOfBanners = 34; 

var now = new DateQ 

var sec = now.getSecondsQ 

var ad = sec % numberOffianners; 

ad = (Math.round(Math.random() * numberOffianners) + 1); 



if (ad=l) { 
txt=""; 

url="http://www.plan.ml.com/siteadv/aips003z.htmr'; 

alt="M£dce Time Work for You With a Long-Term Investment Strategy"; 

banner="/os/banners/aips003h.gif' ; 

width="600"; 

height="35"; 

} 

if (ad-=2) { 
txt=""; 

url="http://www.plan.ml.com/siteadv/aips004z.htmr'; 

alt="Seek Your Goals with MPs"; 

banner="/os/banners/aips004h.gif' ; 

width="600"; 

height="35"; 

} 

if (ad=3) { 
txt=""; 

url="http://www.plan.mLcom/siteadv/mfa001z.htmr*; 

alt="Want Relief fi-om Making Mutual Fund Investment Decisions?"; 

banner="/os/banners/mfaOO 1 h.gif ; 

width="600"; 
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height="35"; 
} 



if (ad==4) { 
txt=""; 

url="http://www.plan.ml.coin/siteadv/infa005z.htnil"; 

alt="Did You Know Asset Allocation of Mutual Funds Can Help Lower Risk?"; 

banner='7os/banners/mfa005h.gif'; 

width="600"; 

height="35"; 

} 

if (ad==5) { 
txt=""; 

url="http://www.plan.mlxom/siteadv/mfa0082.htmr*; 

alt="Market Jitters? Rely on Professional Portfolio Management for a Competitive Advisory 
Free"; 

banner="/os/banners/mfa008h.gif'; 

width="600"; 

height="35"; 

} 

if (ad==6) { 
txt=""; 

url="http://www.plan.ml.com/siteadv/mfas0022.htmr'; 

alt="Want to Receive Mutual Fund Advice, While Retaining Control of Investment Decisions?"; 

banner="/os/banners/mfas002h.gif*; 

width="600"; 

height-"35"; 

} 

if (ad-=7) { 
txt=""; 

url="http://www.plan.ml.com/siteadv/mfas004z.htmr'; 

alt="Want Customized Mutual Fund Recommendations?"; 

banner="/os/banners/mfas004h.gif ' ; 

width="600"; 

height="35"; 

} 

if (ad=8) { 
txt=""; 

url="http://www.plan,ml.coni/siteadv/mfas005z.htmr'; 

alt=" Want Access to Nearly 2,000 Funds Funds from Over 80 Fund Families?"; 

banner="/os/banners/mfas005h.gif'; 

width="600"; 

height="35"; 

} 

if (ad==9) { 
txt=""; 

url="http://www.plan.ml.com/siteadv/mlam037z,html"; 

alt="Europe is Changing. Maybe Your Investment Portfolio Should, Too."; 

banner="/os/banners/mlam03 7h.gif' ; 

width="600"; 

height="35"; 
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} 

if(ad-=20) { 
txt=""; 

url="http://www,plan.mlxom/siteadv/mlain0382.html"; 

alt="Want Investment Opportunities That are Out of This World? Consider Mercury."; 

banner="/os/banners/mlam03 8h.gif'; 

width="600"; 

height="35"; 

} 



if (ad==10) { 
txt=""; 

url=*'http://www,plan.ml.coni/siteadv/mlam03 82.html"; 

alt="Want Investment Opportunities That are Out of This World? Consider Mercury."; 

banner="/os/banners/mlam038h.gif'; 

width="600"; 

height="35"; 

} 



if (ad— 11) { 
txt=""; 

url="http://www.plan.mlxom/siteadv/mlam0392.htmr'; 

alt="Think Globally... Act Now"; 

banner="/os^anners/mlam03 9h.gif' ; 

width="600"; 

height="35"; 

} 



if (ad=I2) { 
txt=""; 

url="http://www.plan.ml.com/siteadv/mlam040z.htmr'; 

alt="Think the Best Investment Opportunities Are in the U.S.? You Might Want to 
Think Again."; 

banner="/os^anne^s/mlam040h.gif'; 

width="600"; 

height="35"; 

} 



if (ad=I3) { 
txt=""; 

url="http://www.p!an.mLcom/siteadv/mlam04 1 z.html"; 

alt="Some of the World's Leading Companies Trust Their Assets to Us. Why Wouldn't You?"; 

banner="/os^anners/mlam041h.gif'; 

width="600"; 

height="35"; 

} 

if (ad=14) { 
txt-""; 

url="http://www.plan.ml.com/siteadv/mlam042z.htmr'; 
alt="Expand Your Investment Horizons"; 
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banner='Vos^anners/mlam042h.gif' ; 

width="600"; 

height="35"; 

} 

if (ad=15) { 
txt=""; 

url="http://www.plan.ml.com/siteadv/mlig008z.htnil"; 

alt='*Maximize Retirement Savings While Minimizing Taxes with RateMax(SM)"; 

banner='7os/banners/mlig008h.gif'; 

width="600"; 

height="35"; 

} 

if (ad=-16) { 
txt=""; 

url='*http://www.plan.ml.com/siteadv/mlig014z.htmr'; 

alt="The Tax Man Cometh"; 

banner=*Vos/banners/mligO 1 4h.gif' ; 

width="600"; 

height="35"; 

} 

if (ad==17) { 
txt=""; 

url="http://www.plan.mlxoni/siteadv/mlam004z.html"; 

alt="With Daily Account Updates, Portfolio Cracking Has Never Been Easier"; 

banner='Vos/banners/mlol004h.gif' ; 

width="600"; 

height="35"; 

} 

if(ad=18){ 
txt=""; 

url="http://www.plan.mlxom/siteadv/mlam005z.htmr'; 

alt^"With 24-Hour Account Updates, Portfolio Tracking Has Never Been Easier"; 

banner="/os/banners/mloI005h.gif' ; 

width="600"; 

height="35"; 

} 

if (ad=19) { 
txt=""; 

url="http://www,plan.ml.com/siteadv/mlam006z.html"; 

alt="24-Hour Account Access"; 

banner='7os/banners/mlol006h.gif' ; 

width="600"; 

height="35"; 

} 



if (ad=20) { 
txt=""; 

url="http://www.plan.ml.com/siteadv/mloI007z,htmr'; 
alt="Is Your Portfolio On Track?"; 
banner="/os/banners/mlol007h.gif' ; 
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width="600"; 
height="35"; 
} 



if (ad==21) { 
txt=""; 

url="http://www.plan.ml.coni/siteadv/inltr005z.html"; 

alt="Merrill Lynch Trust Services Available Nationwide"; 

banner="/os/banners/mltr005h.gif'; 

width="600"; 

height="35"; 

} 



if (ad=22) { 
txt=""; 

url="http://www.plan.ml.com/siteadv/ppg002z.html"; 

alt="Private Portfolio Group Individualized Portfolio Management Group for a Complex World"; 

baimer="/os/banners/ppg002h.gif' ; 

width="600"; 

height="35"; 

} 



if (ad=23) { 
txt=""; 

url="http://www.plan.ml.com/siteadv/ppg004z.htmr'; 

alt=;'Private Portfolio Group Creates Tailored Solutions for Your Investment Needs"; 

banner="/os/banners/ppg004h.gif' ; 

width="600"; 

height="35"; 

} 



if (ad=24) { 
txt=""; 

url="http://www.plan.ml.com/siteadv/ppg008z.htmr'; 

aIt="Do You Know the Benefits of an Individually Managed Portfolio?"; 

barmer="/os/baimers/ppg008h.gif' ; 

width="600"; 

height="35"; 

} 



if (ad=25) { 
txt=""; 

url="http://www.plan.ml.com/siteadv/ppg010z.htmr'; 

alt="Does Your Idea of Enjoying Retirement Include Managing Your Investments?"; 

banner="/os/banners/ppgO 1 Oh.gif ; 

width="600"; 

height="35"; 

} 



if (ad=26) { 
txt=""; 
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url="http://www.plan.ml.com/siteadv/ppg012z.html"; 

alt="More Than 20 Years' Experience Managing Client Assets"; 

banner="/os^anners/ppgO 12h.gif' ; 

width="600"; 

height="35"; 

} 



if (ad=27) { 
txt=""; 

url="http ://www.plan.ml .com/siteadv/rpaOO 1 z.html" ; 

alt="Want Professional Management of Your Portfolio of Retirement Plus Funds?"; 

banner="/os/banners/rpaOO 1 h.gif ; 

width="600"; 

height="35"; 

} 



if (ad==28) { 
txt=""; 

url="http://www.plan.ml.com/siteadv/rpa003z.html"; 

alt="Want a Disciplined Approach to Help Achieve Your Long-Term Goals in Retirement Plus?"; 

bannei="/os/baimers/rpa003h.gif'; 

width="600"; 

height="35"; 

} 



if (ad=29) { 
txt=""; 

url="http://www.plan.ml.com/siteadv/wcma040z.htmr'; 

alt="Move Money Electronically - FREE. WCMA Funds Transfer Service"; 

barmer="/os/banners/wcma040h.gif' ; 

width="600"; 

height="35"; 

} 



if (ad=30) { 
txt=""; 

url="http://www.plan.ml.com/siteadv/wcma049z.htmr'; 

alt="Optimize Your Business's Cash Flow with a WCMA Line of Credit."; 

banner="/os^anners/wcma049h.gif'; 

width="600"; 

height="35"; 

} 



if(ad=31) { 
txt=""; 

url="http://www.plan.ml.com/siteadv/wcma05 1 z.htmr' ; 

alt="Maximize Your Business's Credit Options"; 

baimer="/os/baimers/wcma05 lh.gif' ; 

width="600"; 

height="35"; 

} 
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if (ad==32) { 
txt=""; 

urI="/mlol/main/index.asp?Action=Global"; 

alt="MerrilI Lynch Global Investor Network Exclusive Daily and Global News" 

banner="/os/banners/ginbanner.gif*; 

width="600"; 

height="35"; 

} 



if (ad==33) { 
txt=""; 

url='Vmlol/main/index.asp?Action=Global"; 

alt="Merrill Lynch Global Investor Network Exclusive Daily and Global News" 

banner="/os/banners/10animsized.gif'; 

width="600"; 

height="35"; 

} 



if (ad=34) { 
txt=""; 

url="/mlol/main/index.asp?Action=Globar'; 

alt="Merrill Lynch Global Investor Network Exclusive Daily and Global News" 

banner="/os/banners/3 animsized. gif ' ; 

width="600"; 

height="35"; 

} 



if (ad=35) { 
txt=""; 

url="/mlol/main/index.asp?Action=Globar'; 

alt="MerriU Lynch Global Investor Network Exclusive Daily and Global News" 

banner="/os/banners/8animfmal.gif'; 

width-"600"; 

height-"35"; 

} 

} 

function displayTopBamier(){ 
setupTopBannersO 
document. writeC<center>'); 

document. write('<a href=\"' + url + ^" target=\"_top\">'); 
document. writeC<img src=\*" + banner + '\" width=') 
document. write( width + ' height=' + height + ' '); 
document. writeCalt=\"' + alt + V border=0><br>'); 
document. writeC<small>' + t?ct + •</small></a>'); 
document. write('</center>*); 
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JavaScript Functions 



Function 


Expects(parara;eters) 


Returns 


Description 


Name 








CheckBidAmountO 


none 


Boolean 


Prevents the user form 
bidding an amount 
greater than their current 
point balance. 


CheckHandleO 


form 


Boolean 


Returns true if handle 
does not contain curse 
word and is not empty, 
alert box and false 
otherwise. 


Display TopBannerO 






Displays banner at top 
of every auction page. 


GetCookieO 


string 


Cookie value 


Calls getCookieValO to 
retrieve cookie 
information. 


GetCookieValO 


integer 


Cookie value 


Retrieves cookie 
information 


GetPointsO 


none 




Retrieves points balance 
and sets form field to 
current points 


ImageKeyO 


string, string 




Used to pre-load images 
into ImageList[] array 


ImageOffi[) 


string 




Causes image to 
highlight when mouse is 
over it 


ImgaeOnO 


string 




Returns image to normal 
when mouse moves off 
image 


isEmptyO 


Input string 


Boolean 


Returns true or false 
dependmg on if strmg is 
empty or not. 


Laimch() 


New window Url, 
New window name, 
New window features, 
Original window Name 


New window 


Launches a new browser 
window with description 
of "handle" found in the 
Auction Guide page. 


LaunchRemoteQ 


None 


Launched window 


Call "launchQ" to return 
new browser window. 


SetCookieO 


string 




Sets cookie value 


SetupTopBannerO 


None 




Sets up banner ads for 
random display 


StripCommasO 


Input string 


String with no commas 


Removes commas from 
strings in order to check 
bid amount. 



Modifications to OpenSite Templates 
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Merrill Lynch Online Auction Template Modifications 
Introduction 

IBM has contracted with Merrill Lynch to incorporate auction functionaUty into the existing Merrill Lynch 
Signature Visa Mall infrastructure by installing, configuring and customizing the OpenSite auction 
software on the Signature servers. This document provides a summary of the changes made to the 
OpenSite software to incorporate this fiinctionality. These changes include the modification of existing 
OpenSite templates as well as the creation of static HTML and JavaScript files. This document also 
provides a description of changes made to the OpenSite administration tool and how to edit the customer 
database. 

OpenSite Template Modifications 

The OpenSite templates were customized utilizing HTML and JavaScript technologies and can be found in 
the "wwwroot/oshome" directory. These are dynamic files that generate static ".stm " files when edited 
and published using the OpenSite Template Editor. The ".stm" files should not be modified, as they would 
be overwritten every time a change is made to an ".htx" file and that ".htx" file is published. More 
information on modifying templates can be found in the ''Introduction to Customizing Templates " section 
of the OpenSite user guide chapter 5 "The Administration Index". The following templates were modified: 

• Acknowledge_Auc.htx 

• Auctionwatch.htx 

• Buyers_status_output.htx 

• CategoryAuc.htx 

• CategoryAucNew.htx 

• Contact_page.htx 

• Includeheader.htx 

• Include_footer.htx 

• Include_home_message.htx 

• Info__page,htx 

• Item_form_Auc.htx 

• Osauction.htx 

• Registration_form, htx 

• Send_password.htx 

• View_customer_bidding_history.htx 

• Winnersauction.htx 

Static Files 

Static files were created for displaying client content and providing meanmgfiil error messages for the 
auction site. All of these files must be updated whenever changes are made to the include header 
(include_header.htx) and footer (include footer.htx) files. The "info_window.html" file contains the same 
content as the "about us.html" file; therefore, whenever changes are made to the "about us.html" file this 
file must be updated as well. These static files are located in the "os" directory and are as follows: 

• About_us.html 

• Info_window.html Must be updated whenever changes are made to "about_us.html" 

• Auth_error.html 

• Bid_redirect.html 

• Login_enor.html 

• Mustregister.html 

• Points_error.html 

Administration Templates 

The category hyperlink in the Administrative index was removed to prevent the addition or deletion of 
categories. There is only one category "Current Items" and this category holds all auction items. To create 
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test items, the administrator may assign these items to the "Test " category provided by the software. The 
file modified for this change is the "administrationjndexjeft frame.htx" and is located in the 
"oshome/administration" directory. 

JavaScripts 

Several JavaScript fimctions were incorporated into to the auction site templates to provide image rollover 
effects and form validation. These scripts are included in several template files and are also located in two 
JavaScript files: "include_mloljscript.htm" and "include regiscriptjs". These scripts are in the 
"wwwroot/os" directory and the templates that contain them are listed below: 

• Include_header,htx —Points Retrieval, Banner Ad, Image Roll Overs 

• Include__footer.htx —Pomts Retrieval 

• Item_form_Auc,htx —Points Balance Check 

• Registration form.htx —Check Handle, Handle Pop up 



A Brief description of these scripts is provided in the table below. 



JavaScripts 


Description 


Points Retrieval 


Retrieves the customer's point balance fi-om Merrill 
Lynch and populates the ptsVal edit box with that 
value. If the point value is returned "null" the text 
box is populated with the text "points". 


Points Balance Check 


Restricts the user fi-om placing a bid that is greater 
than his/her points balance. 


Check Handle 


Screens handle entry on registration form for curse 
words. 


Handle Pop up 


Launches pop up window when user clicks on "Pick 
a handle" text on registration form. 


Banner Ad 


Client provided this script. 


Image Roll Overs 


Client provided this script. 



Error Templates 

OpenSite contains three error message templates. While the text in these files can be modified, the actual 
error that is generated by the template cannot. According to OpenSite, this error message is generated by 
their executed code and "cannot" be modified. The three error files are listed below and they are located in 
the "oshome" directory: 

• Error_message_bid.htx 

• Error_message_general.htx 

• Error_outbid_by_autobid.htx 

Mail Templates 

OpenSite automatically generates email messages when the customer performs certain actions. These 
actions mclude: placing a bid, a customer being outbid, a customer winning an auction item, and a 
customer registering to the site. All of these email messages are sent immediately except for the winning 
bidder email "mail_buyer_notices.txt". This email must be sent utilizing the invoicing function in the 
Administration Tool. To obtain more information on this procedure, please refer to chapter 5 in the 
OpenSite user's guide. All other emails have been customized to go to the auction administrator. The 
following is list of the email that were customized for the Merrill Lynch Online Auction: 

• Mail_buyer_notices.txt 

• Mail_outbid_notice.txt 

• Mail_welcome_buyers.txt 

• Mail_acknowledge_auc.txt 
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Images 

Images for the auction site are located in three directories. The images used to customize the auction 
software are located in the "os/images/merryll_lynch" directory. The Banner Ad images are located in 
the "os" directory and all the OpenSite images are in the "os/images/styles/modemblue" directory. 

Style Sheet 

Can be found in the "wwwroot/os/images/MerrillJynch" directory. 

• Basic.css 

Customer Database File 

OpenSite does not provide a way to delete existing customers from the site. The only way this can be 
achieved is by manually editing the Customer database file "cust.txt" located in the "oshome/data/central" 
directory. This file is very sensitive and should be modified carefiilly. To delete a customer simply find 
the customers handle or id number and the deleted the customer's entire record. Do Not attempt to modify 
part of the record as this may screw the whole database up. 

When and How to modify the Customer Database 

• While attempting to perform an administrative function the administrator receives an error 
message stating " Sorry, The encryption key is null and can not be encrypted". This means that 
one of the customers have a null "cmaid" or "password". The admin must edit the "cust.txt" file 
and search for all customers who have recently registered, checking for null or blank "cmaid" or 
"password" values. All records containing these null values must be deleted from the database 
and the customers must be notified to re-register. 

• The Administrator needs to delete a customer from the database. 

Merrill Lynch Signature and Premium Technical 
Functionality 

Please refer to the "Merrill Lynch Signature Technical Design Docimient" or the "Merrill Lynch 
Premium Technical Design Document" for functionality that is linked to through Merrill Lynch 
Auctions, but is technical fimctionality not included in the scope of the Merrill Lynch Auctions. 



Technical Design for Merrill Lynch Auctions -Draft Only 



